Does weForms – Easy Drag & Drop Contact Form Builder For WordPress have any unpatched vulnerabilities?

No. All known vulnerabilities in weForms – Easy Drag & Drop Contact Form Builder For WordPress have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is weForms – Easy Drag & Drop Contact Form Builder For WordPress compatible with WordPress 6.9.4?

According to WordPress.org data, weForms – Easy Drag & Drop Contact Form Builder For WordPress 1.6.28 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is weForms – Easy Drag & Drop Contact Form Builder For WordPress compatible with PHP 7.2.5+?

weForms – Easy Drag & Drop Contact Form Builder For WordPress requires PHP 7.2.5 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

weForms – Easy Drag & Drop Contact Form Builder For WordPress Security & Risk Analysis

wordpress.org/plugins/weforms

The easiest & fastest Contact Form on WordPress. Multiple templates, drag-&-drop live builder, submission listing, reCaptcha & more!

10K active installs v1.6.28 PHP 7.2.5+ WP 5.0+ Updated Mar 5, 2026

contact-formcustom-formform-builderform-creatorforms

A · Safe

CVEs total9

Unpatched0

Last CVEMar 10, 2026

Plugin page Download

Safety Verdict

Is weForms – Easy Drag & Drop Contact Form Builder For WordPress Safe to Use in 2026?

Generally Safe

Score 89/100

weForms – Easy Drag & Drop Contact Form Builder For WordPress has a strong security track record. Known vulnerabilities have been patched promptly.

9 known CVEsLast CVE: Mar 10, 2026Updated 29d ago

Risk Assessment

The weForms plugin v1.6.28 exhibits a mixed security posture. While it demonstrates strong practices in areas like prepared SQL statements (97%) and output escaping (91%), and has no currently unpatched CVEs, several concerning findings emerge from the static analysis. The presence of 4 unprotected AJAX handlers significantly increases the attack surface, as these can be exploited by unauthenticated users. The taint analysis reveals 8 high-severity flows with unsanitized paths, indicating potential injection vulnerabilities that could lead to serious compromises. The plugin's history of 9 CVEs, including 2 high-severity ones, suggests a recurring pattern of vulnerabilities, although the absence of recent unpatched issues is positive.

Despite a good foundation in general security practices, the specific risks identified in the static analysis (unprotected entry points and high-severity taint flows) and the historical vulnerability trend warrant careful consideration. The plugin's strengths lie in its commitment to prepared statements and output escaping. However, the identified weaknesses, particularly the unprotected AJAX handlers and the taint analysis results, represent immediate risks that could be exploited. The plugin's past vulnerability patterns, even if currently patched, highlight an area that requires continued vigilance.

Key Concerns

4 AJAX handlers without auth checks
8 high severity taint flows
9 total known CVEs
2 high severity CVEs
22 dangerous functions (unserialize)

Vulnerabilities

weForms – Easy Drag & Drop Contact Form Builder For WordPress Security Vulnerabilities

CVEs by Year

1 CVE in 2020

2020

1 CVE in 2022

2022

2 CVEs in 2023

2023

3 CVEs in 2024

2024

1 CVE in 2025

2025

1 CVE in 2026

2026

Patched Has unpatched

Severity Breakdown

High

Medium

9 total CVEs

CVE-2026-2707medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

weForms <= 1.6.27 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Hidden Field Value via REST API

Mar 10, 2026 Patched in 1.6.28 (1d)

CVE-2025-69028medium · 5.3Missing Authorization

weForms <= 1.6.25 - Missing Authorization

Dec 29, 2025 Patched in 1.6.26 (9d)

WF-379a5016-3968-4b28-8d6e-0f517e419016-weformsmedium · 5.3Use of Less Trusted Source

Various Plugins <= Various Version - Use of Polyfill.io

Jun 25, 2024 Patched in 1.6.24 (14d)

CVE-2024-30512medium · 5.3Missing Authorization

weForms <= 1.6.20 - Missing Authorization

Mar 28, 2024 Patched in 1.6.21 (27d)

CVE-2024-0386high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

weForms <= 1.6.21 - Unauthenticated Stored Cross-Site Scripting via Referer

Mar 12, 2024 Patched in 1.6.22 (140d)

CVE-2023-51524medium · 6.5Missing Authorization

weForms <= 1.6.18 - Missing Authorization via export_form_entries

Dec 27, 2023 Patched in 1.6.19 (27d)

CVE-2023-50896medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

weForms – Easy Drag & Drop Contact Form Builder For WordPress <= 1.6.17 - Authenticated (Admin+) Stored Cross-Site Scripting

Dec 26, 2023 Patched in 1.6.18 (28d)

CVE-2022-2395medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

weForms <= 1.6.13 - Authenticated (Admin+) Stored Cross-Site Scripting

Jul 12, 2022 Patched in 1.6.14 (560d)

CVE-2020-22276high · 8.6Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

WeForms <= 1.4.7 - CSV injection via form entry

Aug 13, 2020 Patched in 1.4.8 (1258d)

Code Analysis

Analyzed Mar 16, 2026

weForms – Easy Drag & Drop Contact Form Builder For WordPress Code Analysis

Dangerous Functions

Raw SQL Queries

70 prepared

Unescaped Output

114

1168 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize? @unserialize( $payment_data->payment_data, [ 'allowed_classes' => false ] )includes\admin\class-privacy.php:223

unserialize$payment->payment_data = @unserialize( $payment->payment_data, [ 'allowed_classes' => false ] );includes\api\class-weforms-forms-controller.php:1552

unserialize$payment->payment_data = @unserialize( $payment->payment_data, [ 'allowed_classes' => false ] );includes\class-ajax.php:524

unserialize? @unserialize( $value, [ 'allowed_classes' => false ] )includes\class-form-entry.php:191

unserialize? @unserialize( $value, [ 'allowed_classes' => false ] )includes\class-form-entry.php:220

unserialize? @unserialize( $value, [ 'allowed_classes' => false ] )includes\class-form-entry.php:245

unserialize? @unserialize( $value, [ 'allowed_classes' => false ] )includes\class-form-entry.php:311

unserialize? @unserialize( $value, [ 'allowed_classes' => false ] )includes\class-form-entry.php:377

unserialize? @unserialize( $content->post_content, [ 'allowed_classes' => false ] )includes\class-form.php:131

unserialize$result = unserialize($payload);security-tests\exploit-poc.php:79

unserialize? @unserialize($payload, ['allowed_classes' => false])security-tests\exploit-poc.php:102

unserialize? @unserialize( $payment_data->payment_data, [ 'allowed_classes' => false ] )trunk\includes\admin\class-privacy.php:223

unserialize$payment->payment_data = @unserialize( $payment->payment_data, [ 'allowed_classes' => false ] );trunk\includes\api\class-weforms-forms-controller.php:1552

unserialize$payment->payment_data = @unserialize( $payment->payment_data, [ 'allowed_classes' => false ] );trunk\includes\class-ajax.php:524

unserialize? @unserialize( $value, [ 'allowed_classes' => false ] )trunk\includes\class-form-entry.php:191

unserialize? @unserialize( $value, [ 'allowed_classes' => false ] )trunk\includes\class-form-entry.php:220

unserialize? @unserialize( $value, [ 'allowed_classes' => false ] )trunk\includes\class-form-entry.php:245

unserialize? @unserialize( $value, [ 'allowed_classes' => false ] )trunk\includes\class-form-entry.php:311

unserialize? @unserialize( $value, [ 'allowed_classes' => false ] )trunk\includes\class-form-entry.php:377

unserialize? @unserialize( $content->post_content, [ 'allowed_classes' => false ] )trunk\includes\class-form.php:131

unserialize$result = unserialize($payload);trunk\security-tests\exploit-poc.php:79

unserialize? @unserialize($payload, ['allowed_classes' => false])trunk\security-tests\exploit-poc.php:102

SQL Query Safety

97% prepared72 total queries

Output Escaping

91% escaped1282 total outputs

Data Flows

8 unsanitized

Data Flow Analysis

16 flows8 with unsanitized paths

save_settings (includes\class-ajax.php:367)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

weForms – Easy Drag & Drop Contact Form Builder For WordPress Attack Surface

Entry Points64

Unprotected4

AJAX Handlers 62

authwp_ajax_weforms-dismiss-promotional-offer-noticeincludes\admin\class-promotion.php:11

authwp_ajax_weforms-dismiss-review-noticeincludes\admin\class-promotion.php:12

authwp_ajax_wpuf_upload_fileincludes\class-ajax-upload.php:17

noprivwp_ajax_wpuf_upload_fileincludes\class-ajax-upload.php:18

authwp_ajax_wpuf_file_delincludes\class-ajax-upload.php:20

noprivwp_ajax_wpuf_file_delincludes\class-ajax-upload.php:21

authwp_ajax_weforms_form_listincludes\class-ajax.php:11

authwp_ajax_weforms_get_usersincludes\class-ajax.php:12

authwp_ajax_weforms_form_namesincludes\class-ajax.php:13

authwp_ajax_weforms_form_createincludes\class-ajax.php:14

authwp_ajax_weforms_form_deleteincludes\class-ajax.php:15

authwp_ajax_weforms_form_delete_bulkincludes\class-ajax.php:16

authwp_ajax_weforms_form_duplicateincludes\class-ajax.php:17

authwp_ajax_weforms_read_logsincludes\class-ajax.php:20

authwp_ajax_weforms_delete_logsincludes\class-ajax.php:21

authwp_ajax_weforms_contact_form_templateincludes\class-ajax.php:24

authwp_ajax_weforms_save_settingsincludes\class-ajax.php:27

authwp_ajax_weforms_get_settingsincludes\class-ajax.php:28

authwp_ajax_weforms_import_formincludes\class-ajax.php:31

authwp_ajax_weforms_get_formincludes\class-ajax.php:34

authwp_ajax_wpuf_form_builder_save_formincludes\class-ajax.php:35

authwp_ajax_weforms_form_entriesincludes\class-ajax.php:38

authwp_ajax_weforms_form_entry_detailsincludes\class-ajax.php:40

authwp_ajax_weforms_form_entry_trashincludes\class-ajax.php:41

authwp_ajax_weforms_form_entry_deleteincludes\class-ajax.php:42

authwp_ajax_weforms_form_entry_restoreincludes\class-ajax.php:43

authwp_ajax_weforms_form_entry_trash_bulkincludes\class-ajax.php:45

authwp_ajax_weforms_form_entry_restore_bulkincludes\class-ajax.php:46

authwp_ajax_weforms_frontend_submitincludes\class-ajax.php:49

noprivwp_ajax_weforms_frontend_submitincludes\class-ajax.php:50

authwp_ajax_wpuf_mailpoet_fetch_listsincludes\integrations\mailpoet\class-integration-mailpoet.php:26

authwp_ajax_weforms-dismiss-promotional-offer-noticetrunk\includes\admin\class-promotion.php:11

authwp_ajax_weforms-dismiss-review-noticetrunk\includes\admin\class-promotion.php:12

authwp_ajax_wpuf_upload_filetrunk\includes\class-ajax-upload.php:17

noprivwp_ajax_wpuf_upload_filetrunk\includes\class-ajax-upload.php:18

authwp_ajax_wpuf_file_deltrunk\includes\class-ajax-upload.php:20

noprivwp_ajax_wpuf_file_deltrunk\includes\class-ajax-upload.php:21

authwp_ajax_weforms_form_listtrunk\includes\class-ajax.php:11

authwp_ajax_weforms_get_userstrunk\includes\class-ajax.php:12

authwp_ajax_weforms_form_namestrunk\includes\class-ajax.php:13

authwp_ajax_weforms_form_createtrunk\includes\class-ajax.php:14

authwp_ajax_weforms_form_deletetrunk\includes\class-ajax.php:15

authwp_ajax_weforms_form_delete_bulktrunk\includes\class-ajax.php:16

authwp_ajax_weforms_form_duplicatetrunk\includes\class-ajax.php:17

authwp_ajax_weforms_read_logstrunk\includes\class-ajax.php:20

authwp_ajax_weforms_delete_logstrunk\includes\class-ajax.php:21

authwp_ajax_weforms_contact_form_templatetrunk\includes\class-ajax.php:24

authwp_ajax_weforms_save_settingstrunk\includes\class-ajax.php:27

authwp_ajax_weforms_get_settingstrunk\includes\class-ajax.php:28

authwp_ajax_weforms_import_formtrunk\includes\class-ajax.php:31

authwp_ajax_weforms_get_formtrunk\includes\class-ajax.php:34

authwp_ajax_wpuf_form_builder_save_formtrunk\includes\class-ajax.php:35

authwp_ajax_weforms_form_entriestrunk\includes\class-ajax.php:38

authwp_ajax_weforms_form_entry_detailstrunk\includes\class-ajax.php:40

authwp_ajax_weforms_form_entry_trashtrunk\includes\class-ajax.php:41

authwp_ajax_weforms_form_entry_deletetrunk\includes\class-ajax.php:42

authwp_ajax_weforms_form_entry_restoretrunk\includes\class-ajax.php:43

authwp_ajax_weforms_form_entry_trash_bulktrunk\includes\class-ajax.php:45

authwp_ajax_weforms_form_entry_restore_bulktrunk\includes\class-ajax.php:46

authwp_ajax_weforms_frontend_submittrunk\includes\class-ajax.php:49

noprivwp_ajax_weforms_frontend_submittrunk\includes\class-ajax.php:50

authwp_ajax_wpuf_mailpoet_fetch_liststrunk\includes\integrations\mailpoet\class-integration-mailpoet.php:26

Shortcodes 2

[weforms] includes\class-frontend-form.php:9

[weforms] trunk\includes\class-frontend-form.php:9

WordPress Hooks 148

actionadmin_menuincludes\admin\class-admin-welcome.php:11

actionadmin_headincludes\admin\class-admin-welcome.php:12

actionadmin_initincludes\admin\class-admin-welcome.php:13

actioninitincludes\admin\class-admin.php:9

actionadmin_menuincludes\admin\class-admin.php:10

actionpre_update_option_wpuf_generalincludes\admin\class-admin.php:11

actionadmin_noticesincludes\admin\class-admin.php:13

filteradmin_footer_textincludes\admin\class-admin.php:15

filteradmin_post_weforms_export_formsincludes\admin\class-admin.php:16

filteradmin_post_weforms_export_form_entriesincludes\admin\class-admin.php:17

filterweforms_settings_tabsincludes\admin\class-admin.php:20

actionweforms_settings_tab_content_generalincludes\admin\class-admin.php:21

actionweforms_settings_tab_content_recaptchaincludes\admin\class-admin.php:22

actionweforms_settings_tab_content_secure-databaseincludes\admin\class-admin.php:23

actionweforms_settings_tab_content_humanpresenceincludes\admin\class-admin.php:24

actionweforms_settings_tab_content_privacyincludes\admin\class-admin.php:25

actionadmin_enqueue_scriptsincludes\admin\class-form-builder-assets.php:13

actionadmin_print_scriptsincludes\admin\class-form-builder-assets.php:14

actionadmin_footerincludes\admin\class-form-builder-assets.php:15

actionwpuf-form-builder-template-builder-stage-submit-areaincludes\admin\class-form-builder-assets.php:17

actionwpuf-form-builder-tabs-contact_formincludes\admin\class-form-builder-assets.php:19

actionwpuf-form-builder-tab-contents-contact_formincludes\admin\class-form-builder-assets.php:20

actionwpuf-form-builder-settings-tabs-contact_formincludes\admin\class-form-builder-assets.php:22

actionwpuf-form-builder-settings-tab-contents-contact_formincludes\admin\class-form-builder-assets.php:23

actionenqueue_block_editor_assetsincludes\admin\class-gutenblock.php:17

actionwp_headincludes\admin\class-gutenblock.php:19

actionadmin_initincludes\admin\class-privacy.php:14

filterwp_privacy_personal_data_exportersincludes\admin\class-privacy.php:20

filterwp_privacy_personal_data_erasersincludes\admin\class-privacy.php:24

filterweforms_integrationsincludes\admin\class-pro-upgrades.php:16

filterweforms_field_get_js_settingsincludes\admin\class-pro-upgrades.php:19

filterweforms_form_fieldsincludes\admin\class-pro-upgrades.php:20

filterweforms_field_groups_customincludes\admin\class-pro-upgrades.php:21

filterweforms_field_groups_othersincludes\admin\class-pro-upgrades.php:22

actionadmin_noticesincludes\admin\class-promotion.php:9

actionadmin_noticesincludes\admin\class-promotion.php:10

actionadmin_enqueue_scriptsincludes\admin\class-shortcode-button.php:14

actionmedia_buttonsincludes\admin\class-shortcode-button.php:15

actionadmin_footerincludes\admin\class-shortcode-button.php:16

filterdokan_settings_sectionsincludes\class-dokan-integration.php:12

filterdokan_get_dashboard_navincludes\class-dokan-integration.php:13

actiondokan_load_custom_templateincludes\class-dokan-integration.php:14

filterdokan_query_var_filterincludes\class-dokan-integration.php:15

filterdokan_settings_fieldsincludes\class-dokan-integration.php:16

actionpre_get_postsincludes\class-form-preview.php:64

filterthe_titleincludes\class-form-preview.php:65

filterthe_contentincludes\class-form-preview.php:66

filterget_the_excerptincludes\class-form-preview.php:67

filterhome_template_hierarchyincludes\class-form-preview.php:68

filterfrontpage_template_hierarchyincludes\class-form-preview.php:69

filterpost_thumbnail_htmlincludes\class-form-preview.php:70

actionwidgets_initincludes\class-form-widget.php:94

filtersafe_style_cssincludes\class-notification.php:131

filterwp_kses_allowed_htmlincludes\class-notification.php:146

actionadmin_enqueue_scriptsincludes\class-scripts-styles.php:15

actionadmin_enqueue_scriptsincludes\class-scripts-styles.php:16

actionwp_enqueue_scriptsincludes\class-scripts-styles.php:18

actionrest_api_initincludes\class-weforms-api.php:30

filterweforms_localized_scriptincludes\functions.php:1334

actionadmin_noticesincludes\importer\class-importer-abstract.php:50

actionweforms_settings_tabsincludes\integrations\class-abstract-integration.php:170

actionweforms_entry_submissionincludes\integrations\erp\class-integration-erp.php:27

filteradmin_footerincludes\integrations\mailpoet\class-integration-mailpoet.php:25

filterweforms_builder_scriptsincludes\integrations\mailpoet\class-integration-mailpoet.php:27

actionweforms_entry_submissionincludes\integrations\mailpoet\class-integration-mailpoet.php:28

actionweforms_entry_submissionincludes\integrations\slack\class-integration-slack.php:21

actionweforms_entry_submissionincludes\integrations\sprout-invoices\class-integration-sprout-invoices.php:37

filterweforms_entry_submission_responseincludes\integrations\sprout-invoices\class-integration-sprout-invoices.php:38

actionadmin_menutrunk\includes\admin\class-admin-welcome.php:11

actionadmin_headtrunk\includes\admin\class-admin-welcome.php:12

actionadmin_inittrunk\includes\admin\class-admin-welcome.php:13

actioninittrunk\includes\admin\class-admin.php:9

actionadmin_menutrunk\includes\admin\class-admin.php:10

actionpre_update_option_wpuf_generaltrunk\includes\admin\class-admin.php:11

actionadmin_noticestrunk\includes\admin\class-admin.php:13

filteradmin_footer_texttrunk\includes\admin\class-admin.php:15

filteradmin_post_weforms_export_formstrunk\includes\admin\class-admin.php:16

filteradmin_post_weforms_export_form_entriestrunk\includes\admin\class-admin.php:17

filterweforms_settings_tabstrunk\includes\admin\class-admin.php:20

actionweforms_settings_tab_content_generaltrunk\includes\admin\class-admin.php:21

actionweforms_settings_tab_content_recaptchatrunk\includes\admin\class-admin.php:22

actionweforms_settings_tab_content_secure-databasetrunk\includes\admin\class-admin.php:23

actionweforms_settings_tab_content_humanpresencetrunk\includes\admin\class-admin.php:24

actionweforms_settings_tab_content_privacytrunk\includes\admin\class-admin.php:25

actionadmin_enqueue_scriptstrunk\includes\admin\class-form-builder-assets.php:13

actionadmin_print_scriptstrunk\includes\admin\class-form-builder-assets.php:14

actionadmin_footertrunk\includes\admin\class-form-builder-assets.php:15

actionwpuf-form-builder-template-builder-stage-submit-areatrunk\includes\admin\class-form-builder-assets.php:17

actionwpuf-form-builder-tabs-contact_formtrunk\includes\admin\class-form-builder-assets.php:19

actionwpuf-form-builder-tab-contents-contact_formtrunk\includes\admin\class-form-builder-assets.php:20

actionwpuf-form-builder-settings-tabs-contact_formtrunk\includes\admin\class-form-builder-assets.php:22

actionwpuf-form-builder-settings-tab-contents-contact_formtrunk\includes\admin\class-form-builder-assets.php:23

actionenqueue_block_editor_assetstrunk\includes\admin\class-gutenblock.php:17

actionwp_headtrunk\includes\admin\class-gutenblock.php:19

actionadmin_inittrunk\includes\admin\class-privacy.php:14

filterwp_privacy_personal_data_exporterstrunk\includes\admin\class-privacy.php:20

filterwp_privacy_personal_data_eraserstrunk\includes\admin\class-privacy.php:24

filterweforms_integrationstrunk\includes\admin\class-pro-upgrades.php:16

filterweforms_field_get_js_settingstrunk\includes\admin\class-pro-upgrades.php:19

filterweforms_form_fieldstrunk\includes\admin\class-pro-upgrades.php:20

filterweforms_field_groups_customtrunk\includes\admin\class-pro-upgrades.php:21

filterweforms_field_groups_otherstrunk\includes\admin\class-pro-upgrades.php:22

actionadmin_noticestrunk\includes\admin\class-promotion.php:9

actionadmin_noticestrunk\includes\admin\class-promotion.php:10

actionadmin_enqueue_scriptstrunk\includes\admin\class-shortcode-button.php:14

actionmedia_buttonstrunk\includes\admin\class-shortcode-button.php:15

actionadmin_footertrunk\includes\admin\class-shortcode-button.php:16

filterdokan_settings_sectionstrunk\includes\class-dokan-integration.php:12

filterdokan_get_dashboard_navtrunk\includes\class-dokan-integration.php:13

actiondokan_load_custom_templatetrunk\includes\class-dokan-integration.php:14

filterdokan_query_var_filtertrunk\includes\class-dokan-integration.php:15

filterdokan_settings_fieldstrunk\includes\class-dokan-integration.php:16

actionpre_get_poststrunk\includes\class-form-preview.php:64

filterthe_titletrunk\includes\class-form-preview.php:65

filterthe_contenttrunk\includes\class-form-preview.php:66

filterget_the_excerpttrunk\includes\class-form-preview.php:67

filterhome_template_hierarchytrunk\includes\class-form-preview.php:68

filterfrontpage_template_hierarchytrunk\includes\class-form-preview.php:69

filterpost_thumbnail_htmltrunk\includes\class-form-preview.php:70

actionwidgets_inittrunk\includes\class-form-widget.php:94

filtersafe_style_csstrunk\includes\class-notification.php:131

filterwp_kses_allowed_htmltrunk\includes\class-notification.php:146

actionadmin_enqueue_scriptstrunk\includes\class-scripts-styles.php:15

actionadmin_enqueue_scriptstrunk\includes\class-scripts-styles.php:16

actionwp_enqueue_scriptstrunk\includes\class-scripts-styles.php:18

actionrest_api_inittrunk\includes\class-weforms-api.php:30

filterweforms_localized_scripttrunk\includes\functions.php:1334

actionadmin_noticestrunk\includes\importer\class-importer-abstract.php:50

actionweforms_settings_tabstrunk\includes\integrations\class-abstract-integration.php:170

actionweforms_entry_submissiontrunk\includes\integrations\erp\class-integration-erp.php:27

filteradmin_footertrunk\includes\integrations\mailpoet\class-integration-mailpoet.php:25

filterweforms_builder_scriptstrunk\includes\integrations\mailpoet\class-integration-mailpoet.php:27

actionweforms_entry_submissiontrunk\includes\integrations\mailpoet\class-integration-mailpoet.php:28

actionweforms_entry_submissiontrunk\includes\integrations\slack\class-integration-slack.php:21

actionweforms_entry_submissiontrunk\includes\integrations\sprout-invoices\class-integration-sprout-invoices.php:37

filterweforms_entry_submission_responsetrunk\includes\integrations\sprout-invoices\class-integration-sprout-invoices.php:38

actionadmin_noticestrunk\weforms.php:92

actionadmin_inittrunk\weforms.php:100

actionplugins_loadedtrunk\weforms.php:101

actioninittrunk\weforms.php:293

actioninittrunk\weforms.php:296

actioninittrunk\weforms.php:297

actionadmin_noticesweforms.php:92

actionadmin_initweforms.php:100

actionplugins_loadedweforms.php:101

actioninitweforms.php:293

actioninitweforms.php:296

actioninitweforms.php:297

Maintenance & Trust

weForms – Easy Drag & Drop Contact Form Builder For WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 5, 2026

PHP min version7.2.5

Downloads812K

Community Trust

Rating90/100

Number of ratings111

Active installs10K

Alternatives

weForms – Easy Drag & Drop Contact Form Builder For WordPress Alternatives

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

wpforms-lite

The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.

6.0M 13 CVEs

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

fluentform

Get a fast contact form plugin. Create advanced forms using drag and drop form builder with all smart features.

600K 27 CVEs

SureForms – Contact Form, Payment Form & Other Custom Form Builder

sureforms

The most beginner-friendly, AI Form Builder for WordPress to create contact forms, payment forms & other custom forms with advanced features, with …

400K 15 CVEs

Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder

everest-forms

The best WordPress form builder. Create contact forms, payment forms, conversational forms, custom forms, surveys, & quizzes using drag and drop.

100K 12 CVEs

Ultra Addons for Contact Form 7

ultimate-addons-for-contact-form-7

50+ Essential Addons for Contact Form 7 - Conditional Fields, Multi Step, Redirection, Columns, WooCommerce, Mailchimp & more

60K 13 CVEs

Developer Profile

weForms – Easy Drag & Drop Contact Form Builder For WordPress Developer Profile

BoldGrid

15 plugins · 1.1M total installs

trust score

Avg Security Score

96/100

Avg Patch Time

841 days

View full developer profile

Detection Fingerprints

How We Detect weForms – Easy Drag & Drop Contact Form Builder For WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/weforms/assets/css/style.css/wp-content/plugins/weforms/assets/css/frontend.css/wp-content/plugins/weforms/assets/css/editor.css/wp-content/plugins/weforms/assets/js/frontend.js/wp-content/plugins/weforms/assets/js/weforms-admin.js/wp-content/plugins/weforms/assets/js/editor.js/wp-content/plugins/weforms/assets/js/weforms-settings.js/wp-content/plugins/weforms/assets/js/custom-fields.js+8 more

Script Paths

/wp-content/plugins/weforms/assets/js/frontend.js/wp-content/plugins/weforms/assets/js/weforms-admin.js/wp-content/plugins/weforms/assets/js/editor.js/wp-content/plugins/weforms/assets/js/weforms-settings.js/wp-content/plugins/weforms/assets/js/custom-fields.js/wp-content/plugins/weforms/assets/js/blocks.js+7 more

Version Parameters

weforms/style.css?ver=weforms/frontend.css?ver=weforms/editor.css?ver=weforms/frontend.js?ver=weforms/weforms-admin.js?ver=weforms/editor.js?ver=weforms/weforms-settings.js?ver=weforms/custom-fields.js?ver=weforms/blocks.js?ver=weforms/vue.js?ver=weforms/weforms-gutenberg-editor.js?ver=weforms/gutenberg-editor.js?ver=weforms/weforms-entry-editor.js?ver=weforms/weforms-form-builder.js?ver=weforms/weforms-form-list.js?ver=weforms/admin/vendor/vue-multiselect/vue-multiselect.js?ver=

HTML / DOM Fingerprints

CSS Classes

weforms-formweforms-fieldweforms-container

Data Attributes

data-weforms-field-iddata-weforms-form-iddata-weforms-entry-id

JS Globals

weformsWeFormsRestWeForms_Field_ManagerWeForms_Form_ManagerWeForms_Template_Managerweforms_admin_params+2 more

REST Endpoints

/wp-json/weforms/v1/forms/wp-json/weforms/v1/entries/wp-json/weforms/v1/settings

Shortcode Output

[weforms id="[weforms_grid id="[weforms_entries id="

FAQ