Does WebKernelAI – Advanced Form Builder have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WebKernelAI – Advanced Form Builder compatible with WordPress 6.9.4?

According to WordPress.org data, WebKernelAI – Advanced Form Builder 1.0.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is WebKernelAI – Advanced Form Builder compatible with PHP 7.4+?

WebKernelAI – Advanced Form Builder requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WebKernelAI – Advanced Form Builder updated?

WebKernelAI – Advanced Form Builder was last updated on Mar 5, 2026. Frequent updates are generally a positive security signal.

What is WebKernelAI – Advanced Form Builder's security score?

WebKernelAI – Advanced Form Builder has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WebKernelAI – Advanced Form Builder Security & Risk Analysis

wordpress.org/plugins/webkernelai-advanced-form-builder

A fast, secure, and scalable form builder using custom database tables and AJAX submissions.

0 active installs v1.0.2 PHP 7.4+ WP 6.0+ Updated Mar 5, 2026

ajax-formcontact-formcustom-formsemail-formsform-builder

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is WebKernelAI – Advanced Form Builder Safe to Use in 2026?

Generally Safe

Score 100/100

WebKernelAI – Advanced Form Builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The "webkernelai-advanced-form-builder" v1.0.2 plugin exhibits a mixed security posture. On the positive side, the code adheres to good practices regarding SQL queries, output escaping, and file operations, with 100% of SQL queries using prepared statements and all outputs being properly escaped. The absence of known vulnerabilities in its history and a clean taint analysis report with no critical or high severity unsanitized flows are also strong indicators of a secure development approach in these areas. However, a significant concern arises from the attack surface. A total of 6 entry points were identified, with a concerning 5 of them lacking authentication checks. This means that potentially sensitive actions or data can be accessed and manipulated by unauthenticated users, representing a substantial risk. The presence of 12 nonce checks and 9 capability checks suggests an intention to secure functionality, but the direct exposure of 5 AJAX handlers without these checks undermines this effort.

While the plugin demonstrates good practices in data handling and query execution, the high number of unprotected AJAX handlers significantly elevates the risk profile. The plugin's history of zero known vulnerabilities is a positive sign, but it does not mitigate the immediate risk posed by the exposed attack surface. The conclusion is that while the core code appears robust in terms of data manipulation and output sanitization, the lack of security on its primary interaction points (AJAX handlers) creates a considerable vulnerability that needs urgent attention. The plugin has strengths in its careful handling of data and queries, but significant weaknesses in its authentication strategy for its entry points.

Key Concerns

Large attack surface without auth
Unprotected AJAX handlers

Vulnerabilities

None known

WebKernelAI – Advanced Form Builder Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WebKernelAI – Advanced Form Builder Release Timeline

v1.0.3

v1.0.2Current

Code Analysis

Analyzed Apr 16, 2026

WebKernelAI – Advanced Form Builder Code Analysis

Dangerous Functions

Raw SQL Queries

25 prepared

Unescaped Output

455 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

DataTables

SQL Query Safety

100% prepared25 total queries

Output Escaping

100% escaped456 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

11 flows

index (includes/Admin/Entries.php:15)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

5 unprotected

WebKernelAI – Advanced Form Builder Attack Surface

Entry Points6

Unprotected5

AJAX Handlers 5

authwp_ajax_wkaf_test_smtpincludes/Core/Plugin.php:20

authwp_ajax_wkaf_test_smtpincludes/Core/Plugin.php:29

authwp_ajax_wkaf_submit_formincludes/Core/Plugin.php:51

noprivwp_ajax_wkaf_submit_formincludes/Core/Plugin.php:52

authwp_ajax_wkaf_entries_listincludes/Core/Plugin.php:53

Shortcodes 1

[wkaf_form] includes/Frontend/Shortcode/FormShortcode.php:15

WordPress Hooks 14

actionadmin_enqueue_scriptsincludes/Admin/Assets.php:16

actionadmin_post_wkaf_export_entriesincludes/Admin/Exports.php:16

actionadmin_menuincludes/Admin/Menu.php:12

actionadmin_post_wkaf_save_settingsincludes/Admin/SettingsSave.php:12

actionphpmailer_initincludes/Ajax/TestSMTP.php:87

filterwp_mail_fromincludes/Ajax/TestSMTP.php:122

filterwp_mail_from_nameincludes/Ajax/TestSMTP.php:129

filterwp_mail_fromincludes/Core/Mailer.php:81

filterwp_mail_from_nameincludes/Core/Mailer.php:88

actionphpmailer_initincludes/Core/Mailer.php:98

actionadmin_post_wkaf_save_formincludes/Core/Plugin.php:16

actioninitincludes/Core/Plugin.php:47

actionadmin_post_wkaf_save_settingsincludes/Core/Plugin.php:67

actionwp_enqueue_scriptsincludes/Frontend/Assets/AssetLoader.php:23

Maintenance & Trust

WebKernelAI – Advanced Form Builder Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 5, 2026

PHP min version7.4

Downloads293

Community Trust

Rating100/100

Number of ratings1

Active installs0

Alternatives

WebKernelAI – Advanced Form Builder Alternatives

فرم ساز فرم افزار

formafzar

ابزاری آسان برای ساخت فرم‌های آنلاین قدرتمند بصورت حرفه‌ای، به آسانی و کمتر از چند دقیقه فرم خودتون رو بسازید و به اشتراک بگذارید

600 1 CVE

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

wpforms-lite

The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.

6.0M 16 CVEs

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

fluentform

Get a fast contact form plugin. Create advanced forms using drag and drop form builder with all smart features.

700K 33 CVEs

MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor

metform

The most popular Elementor forms builder to create WordPress forms like contact forms, booking forms, feedback form, survey forms, application forms a …

600K 26 CVEs

Ninja Forms – The Contact Form Builder That Grows With You

ninja-forms

The 100% beginner friendly WordPress form builder. Drag & drop form fields to build beautiful, professional contact forms in minutes.

600K 75 CVEs

Developer Profile

WebKernelAI – Advanced Form Builder Developer Profile

Aamir Sahil

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WebKernelAI – Advanced Form Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/webkernelai-advanced-form-builder/assets/admin/css/wkaf-admin.css/wp-content/plugins/webkernelai-advanced-form-builder/assets/admin/js/wkaf-admin-tabs.js/wp-content/plugins/webkernelai-advanced-form-builder/assets/admin/css/wkaf-admin-settings.css/wp-content/plugins/webkernelai-advanced-form-builder/assets/admin/js/wkaf-settings.js/wp-content/plugins/webkernelai-advanced-form-builder/assets/admin/css/wkaf-form-admin.css/wp-content/plugins/webkernelai-advanced-form-builder/assets/admin/css/jquery.dataTables.min.css/wp-content/plugins/webkernelai-advanced-form-builder/assets/admin/js/jquery.dataTables.min.js/wp-content/plugins/webkernelai-advanced-form-builder/assets/admin/js/wkaf-entries.js

Script Paths

/wp-content/plugins/webkernelai-advanced-form-builder/assets/admin/js/wkaf-admin-tabs.js/wp-content/plugins/webkernelai-advanced-form-builder/assets/admin/js/wkaf-settings.js/wp-content/plugins/webkernelai-advanced-form-builder/assets/admin/js/jquery.dataTables.min.js/wp-content/plugins/webkernelai-advanced-form-builder/assets/admin/js/wkaf-entries.js

Version Parameters

webkernelai-advanced-form-builder/assets/admin/css/wkaf-admin.css?ver=webkernelai-advanced-form-builder/assets/admin/js/wkaf-admin-tabs.js?ver=webkernelai-advanced-form-builder/assets/admin/css/wkaf-admin-settings.css?ver=webkernelai-advanced-form-builder/assets/admin/js/wkaf-settings.js?ver=webkernelai-advanced-form-builder/assets/admin/css/wkaf-form-admin.css?ver=webkernelai-advanced-form-builder/assets/admin/css/jquery.dataTables.min.css?ver=webkernelai-advanced-form-builder/assets/admin/js/jquery.dataTables.min.js?ver=webkernelai-advanced-form-builder/assets/admin/js/wkaf-entries.js?ver=

HTML / DOM Fingerprints

CSS Classes

wkaf-admin-settings-wrapwkaf-form-builder-settingswkaf-form-builder-field-wrapwkaf-form-builder-settings-sectionwkaf-form-builder-field-labelwkaf-form-builder-field-inputwkaf-form-builder-field-textareawkaf-form-builder-field-select+9 more

HTML Comments

Base Admin CSSBase Admin JSjQuery UI SortableSETTINGS PAGE+3 more

Data Attributes

data-wkaf-form-iddata-wkaf-field-iddata-wkaf-field-type

JS Globals

WKAF_SETTINGSWKAF_ENTRIES

REST Endpoints

/wp-json/wkaf/v1/submit_form/wp-json/wkaf/v1/save_settings/wp-json/wkaf/v1/test_smtp/wp-json/wkaf/v1/entries_list/wp-json/wkaf/v1/entry_delete

Shortcode Output

<form id="wkaf-form-" class="wkaf-form-frontend" data-wkaf-form-id="

FAQ