Simple Contact Form Plugin for WordPress – WP Easy Contact Security & Risk Analysis

wordpress.org/plugins/wp-easy-contact

Simple contact form with a searchable contact list. Collect, store and manage submissions in one place.

40 active installs · v4.0.3 · PHP + WP 4.5+ · Updated Aug 18, 2025
Tags: contact-form, contact-form-database, contact-list, contact-management, easy-contact-form
95
A · Safe
CVEs total: 4
Unpatched: 0
Last CVE: Aug 25, 2025
Safety Verdict

Is Simple Contact Form Plugin for WordPress – WP Easy Contact Safe to Use in 2026?

Generally Safe

Score 95/100

Simple Contact Form Plugin for WordPress – WP Easy Contact has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Aug 25, 2025 · Updated 7mo ago
Risk Assessment

The wp-easy-contact plugin v4.0.3 exhibits a mixed security posture. While it demonstrates good practices in SQL query handling and a high rate of output escaping, significant concerns arise from its attack surface and vulnerability history. The plugin exposes a considerable number of AJAX handlers, with a notable portion (9 out of 29) lacking authentication checks, creating potential entry points for unauthorized actions. Taint analysis reveals two high-severity flows with unsanitized paths, indicating a risk of vulnerabilities if these flows involve sensitive operations or user-controlled input.

The vulnerability history is a significant red flag, with four known CVEs, including one high-severity and three medium-severity issues. The prevalence of Cross-site Scripting and Deserialization of Untrusted Data vulnerabilities in its past suggests a pattern of insecure handling of user input or data serialization. Although no currently unpatched CVEs are listed, the historical pattern and the recent nature of the last vulnerability (August 2025) point to potential ongoing or recurring security weaknesses.

In conclusion, while the plugin has strengths in its SQL practices and output escaping, the unprotected AJAX endpoints, high-severity taint flows, and a history of significant vulnerabilities necessitate caution. The identified risks, particularly the unprotected entry points and past vulnerability types, suggest that attackers could potentially exploit this plugin if proper sanitization and authentication are not rigorously implemented and maintained.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • History of 1 high severity CVE
  • History of 3 medium severity CVEs
  • Bundled outdated library (Select2 v3.2)
  • Unsanitized paths in taint analysis
Vulnerabilities
4

Simple Contact Form Plugin for WordPress – WP Easy Contact Security Vulnerabilities

CVEs by Year

2022: 1 CVE
2025: 3 CVEs

Severity Breakdown

High: 1
Medium: 3

4 total CVEs

CVE-2025-53572 · high · 8.1 · Deserialization of Untrusted Data

WP Easy Contact <= 4.0.1 - Unauthenticated PHP Object Injection

Aug 25, 2025 · Patched in 4.0.2 (10d)

CVE-2025-8315 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Easy Contact <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter

Aug 4, 2025 · Patched in 4.0.2 (1d)

CVE-2025-5539 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Simplify Contact Management: WP Easy Contact <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 3, 2025 · Patched in 4.0.1 (57d)

CVE-2022-2151 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Best Contact Management Software <= 3.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Jun 21, 2022 · Patched in 3.8 (967d)
Code Analysis
Analyzed Mar 16, 2026

Simple Contact Form Plugin for WordPress – WP Easy Contact Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (22 prepared)
Unescaped Output: 239 (1613 escaped)
Nonce Checks: 27
Capability Checks: 30
File Operations: 2
External Requests: 2
Bundled Libraries: 1

Dangerous Functions Found

preg_replace(/e) · preg_replace('/e · includes\emd-form-builder-lite\emd-form-functions.php:495
preg_replace(/e) · preg_replace('/e · includes\emd-form-builder-lite\emd-form-functions.php:516

Bundled Libraries

Select2 3.2

SQL Query Safety

100% prepared · 22 total queries

Output Escaping

87% escaped · 1852 total outputs
Data Flows
9 unsanitized

Data Flow Analysis

16 flows · 9 with unsanitized paths
emd_form_builder_lite_get_field (includes\emd-form-builder-lite\emd-form-builder.php:831)
Attack Surface
9 unprotected

Simple Contact Form Plugin for WordPress – WP Easy Contact Attack Surface

Entry Points: 30
Unprotected: 9

AJAX Handlers 29

auth · wp_ajax_single_tax_add_taxterm · includes\admin\singletax\emd-singletax-functions.php:4
auth · wp_ajax_emd_load_file · includes\class-install-deactivate.php:49
nopriv · wp_ajax_emd_load_file · includes\class-install-deactivate.php:50
auth · wp_ajax_emd_delete_file · includes\class-install-deactivate.php:51
nopriv · wp_ajax_emd_delete_file · includes\class-install-deactivate.php:52
auth · wp_ajax_emd_check_userEmail · includes\common-functions.php:541
auth · wp_ajax_emd_check_unique · includes\common-functions.php:570
auth · wp_ajax_emd_form_builder_lite_get_field · includes\emd-form-builder-lite\emd-form-builder.php:830
auth · wp_ajax_emd_form_builder_lite_get_page · includes\emd-form-builder-lite\emd-form-builder.php:1192
auth · wp_ajax_emd_form_builder_lite_get_row · includes\emd-form-builder-lite\emd-form-builder.php:1245
auth · wp_ajax_emd_form_builder_lite_save_form · includes\emd-form-builder-lite\emd-form-builder.php:1272
auth · wp_ajax_emd_form_builder_lite_get_hr · includes\emd-form-builder-lite\emd-form-builder.php:1391
auth · wp_ajax_emd_form_builder_lite_get_html · includes\emd-form-builder-lite\emd-form-builder.php:1411
auth · wp_ajax_emd_formb_lite_submit_ajax_form · includes\emd-form-builder-lite\emd-form-frontend.php:9
nopriv · wp_ajax_emd_formb_lite_submit_ajax_form · includes\emd-form-builder-lite\emd-form-frontend.php:10
nopriv · wp_ajax_emd_check_userEmail · includes\emd-form-builder-lite\emd-form-frontend.php:11
nopriv · wp_ajax_emd_check_unique · includes\emd-form-builder-lite\emd-form-frontend.php:12
nopriv · wp_ajax_emd_lite_process_login · includes\emd-form-builder-lite\emd-form-frontend.php:1931
auth · wp_ajax_emd_lite_process_login · includes\emd-form-builder-lite\emd-form-frontend.php:1932
nopriv · wp_ajax_emd_lite_verify_registration · includes\emd-form-builder-lite\emd-form-frontend.php:2019
auth · wp_ajax_emd_lite_verify_registration · includes\emd-form-builder-lite\emd-form-frontend.php:2020
auth · wp_ajax_emd_form_builder_lite_pagenum · includes\emd-form-builder-lite\emd-form-functions.php:1091
nopriv · wp_ajax_emd_form_builder_lite_pagenum · includes\emd-form-builder-lite\emd-form-functions.php:1092
nopriv · wp_ajax_emd_verify_email · includes\login-register-functions.php:106
auth · wp_ajax_emd_verify_email · includes\login-register-functions.php:107
auth · wp_ajax_wp_easy_contact_send_deactivate_reason · includes\plugin-feedback-functions.php:11
auth · wp_ajax_wp_easy_contact_show_rateme · includes\plugin-feedback-functions.php:16
auth · wp_ajax_emd_get_widg_pagenum · includes\widget-functions.php:10
nopriv · wp_ajax_emd_get_widg_pagenum · includes\widget-functions.php:11

Shortcodes 1

[emd_form] · includes\emd-form-builder-lite\emd-form-frontend.php:400

WordPress Hooks 76
action · wp_dashboard_setup · includes\admin\dashboard-widgets.php:21
action · wp_easy_contact_getting_started · includes\admin\getting-started.php:9
action · wp_easy_contact_settings_glossary · includes\admin\glossary.php:9
action · emd_ext_register · includes\admin\settings-functions-misc.php:11
filter · emd_add_settings_tab · includes\admin\settings-functions-misc.php:12
action · emd_show_settings_tab · includes\admin\settings-functions-misc.php:13
action · emd_ext_register · includes\admin\settings-functions.php:11
action · emd_show_settings_page · includes\admin\settings-functions.php:12
action · add_meta_boxes · includes\admin\singletax\class-emd-single-taxonomy.php:31
filter · wp_terms_checklist_args · includes\admin\singletax\class-emd-single-taxonomy.php:35
action · save_post · includes\admin\singletax\class-emd-single-taxonomy.php:39
filter · media_buttons · includes\admin\wpas-btn-functions.php:10
action · admin_footer · includes\admin\wpas-btn-functions.php:11
filter · kses_allowed_protocols · includes\admin\wpas-btn-functions.php:222
filter · posts_where · includes\class-emd-query.php:91
filter · posts_join · includes\class-emd-query.php:94
filter · emd_wp_session_cookie_secure · includes\class-emd-session.php:59
filter · emd_wp_session_cookie_httponly · includes\class-emd-session.php:60
filter · emd_wp_session_delete_batch_size · includes\class-emd-session.php:61
filter · safe_style_css · includes\class-emd-widget.php:57
action · admin_init · includes\class-install-deactivate.php:21
action · wp_head · includes\class-install-deactivate.php:33
action · admin_init · includes\class-install-deactivate.php:37
action · admin_notices · includes\class-install-deactivate.php:41
action · admin_init · includes\class-install-deactivate.php:45
action · init · includes\class-install-deactivate.php:53
filter · tiny_mce_before_init · includes\class-install-deactivate.php:58
action · emd_ext_set_conf · includes\emd-form-builder-lite\emd-form-builder.php:12
action · emd_ext_init · includes\emd-form-builder-lite\emd-form-builder.php:22
filter · posts_where · includes\emd-form-builder-lite\emd-form-builder.php:48
action · emd_ext_admin_enq · includes\emd-form-builder-lite\emd-form-builder.php:50
action · emd_show_forms_lite_page · includes\emd-form-builder-lite\emd-form-builder.php:282
action · init · includes\emd-form-builder-lite\emd-form-frontend.php:44
filter · emd_ext_parse_tags · includes\emd-form-builder-lite\emd-form-functions.php:775
action · init · includes\emd-form-builder-lite\emd-form-functions.php:801
filter · kses_allowed_protocols · includes\emd-form-builder-lite\emd-form-functions.php:1169
action · emd_ext_register · includes\emd-form-builder-lite\settings-functions-login.php:12
filter · emd_add_settings_tab · includes\emd-form-builder-lite\settings-functions-login.php:13
action · emd_show_settings_tab · includes\emd-form-builder-lite\settings-functions-login.php:14
action · emd_ext_admin_enq · includes\emd-lite\emd-lite.php:8
filter · emd_lite_modal · includes\emd-lite\emd-lite.php:26
action · init · includes\entities\class-emd-contact.php:27
action · admin_init · includes\entities\class-emd-contact.php:31
filter · post_updated_messages · includes\entities\class-emd-contact.php:35
action · admin_menu · includes\entities\class-emd-contact.php:39
action · admin_head-edit.php · includes\entities\class-emd-contact.php:43
action · manage_emd_contact_posts_custom_column · includes\entities\class-emd-contact.php:49
filter · manage_emd_contact_posts_columns · includes\entities\class-emd-contact.php:53
filter · enter_title_here · includes\entities\class-emd-contact.php:58
action · admin_init · includes\entities\class-emd-contact.php:62
filter · post_row_actions · includes\entities\class-emd-contact.php:66
action · admin_action_emd_duplicate_entity · includes\entities\class-emd-contact.php:70
action · admin_notices · includes\entities\class-emd-contact.php:580
filter · the_title · includes\entities\class-emd-contact.php:611
action · save_post · includes\entities\class-emd-entity.php:96
action · save_post · includes\entities\class-emd-entity.php:133
filter · emd_show_temp_sidebar · includes\layout-functions.php:166
action · emd_sidebar · includes\layout-functions.php:196
action · widgets_init · includes\layout-functions.php:213
filter · emd_show_temp_navigation · includes\layout-functions.php:290
filter · emd_show_single_edit_link · includes\layout-functions.php:320
filter · emd_change_container · includes\layout-functions.php:332
filter · emd_get_login_register_option_for_views · includes\login-register-functions.php:8
action · emd_show_login_register_forms · includes\login-register-functions.php:22
filter · plugin_row_meta · includes\plugin-feedback-functions.php:9
filter · plugin_action_links · includes\plugin-feedback-functions.php:10
action · admin_footer · includes\plugin-feedback-functions.php:14
action · admin_notices · includes\plugin-feedback-functions.php:17
action · admin_post_wp-easy-contact_check_optin · includes\plugin-feedback-functions.php:18
action · admin_enqueue_scripts · includes\scripts.php:9
action · wp_enqueue_scripts · includes\scripts.php:144
action · admin_print_footer_scripts · includes\scripts.php:204
filter · the_content · wp-easy-contact.php:58
action · admin_menu · wp-easy-contact.php:62
filter · template_include · wp-easy-contact.php:66
action · widgets_init · wp-easy-contact.php:70
Maintenance & Trust

Simple Contact Form Plugin for WordPress – WP Easy Contact Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Aug 18, 2025
PHP min version
Downloads: 21K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 40
Developer Profile

Simple Contact Form Plugin for WordPress – WP Easy Contact Developer Profile

emarket-design

10 plugins · 4K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 251 days
Detection Fingerprints

How We Detect Simple Contact Form Plugin for WordPress – WP Easy Contact

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-easy-contact/assets/css/frontend.css
/wp-content/plugins/wp-easy-contact/assets/css/style.css
/wp-content/plugins/wp-easy-contact/assets/js/frontend.js
/wp-content/plugins/wp-easy-contact/assets/ext/emd-meta-box/assets/css/emd-meta-box.css
/wp-content/plugins/wp-easy-contact/assets/ext/emd-meta-box/assets/js/emd-meta-box.js
/wp-content/plugins/wp-easy-contact/includes/emd-form-builder-lite/assets/css/emd-form-builder.css
/wp-content/plugins/wp-easy-contact/includes/emd-form-builder-lite/assets/js/emd-form-builder.js
/wp-content/plugins/wp-easy-contact/includes/emd-lite/assets/css/emd-lite.css
+3 more
Generator Patterns
WP Easy Contact 4.0.3
Script Paths
/wp-content/plugins/wp-easy-contact/assets/js/frontend.js
/wp-content/plugins/wp-easy-contact/assets/ext/emd-meta-box/assets/js/emd-meta-box.js
/wp-content/plugins/wp-easy-contact/includes/emd-form-builder-lite/assets/js/emd-form-builder.js
/wp-content/plugins/wp-easy-contact/includes/emd-lite/assets/js/emd-lite.js
/wp-content/plugins/wp-easy-contact/assets/js/admin.js
Version Parameters
/wp-content/plugins/wp-easy-contact/assets/css/frontend.css?ver=
/wp-content/plugins/wp-easy-contact/assets/css/style.css?ver=
/wp-content/plugins/wp-easy-contact/assets/js/frontend.js?ver=
/wp-content/plugins/wp-easy-contact/assets/ext/emd-meta-box/assets/css/emd-meta-box.css?ver=
/wp-content/plugins/wp-easy-contact/assets/ext/emd-meta-box/assets/js/emd-meta-box.js?ver=
/wp-content/plugins/wp-easy-contact/includes/emd-form-builder-lite/assets/css/emd-form-builder.css?ver=
/wp-content/plugins/wp-easy-contact/includes/emd-form-builder-lite/assets/js/emd-form-builder.js?ver=
/wp-content/plugins/wp-easy-contact/includes/emd-lite/assets/css/emd-lite.css?ver=
/wp-content/plugins/wp-easy-contact/includes/emd-lite/assets/js/emd-lite.js?ver=
/wp-content/plugins/wp-easy-contact/assets/css/admin.css?ver=
/wp-content/plugins/wp-easy-contact/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
emd-contact-form, emd-form-title, emd-form-field, emd-form-label, emd-form-input, emd-form-textarea, emd-form-submit, emd-contact-admin, +22 more
HTML Comments
<!-- emd_contact_form --> · <!-- emd_contact_widget --> · <!-- WP Easy Contact Form -->
Data Attributes
data-emd-form-id · data-plugin-name="WP Easy Contact"
JS Globals
WP_Easy_Contact_Frontend, EmdFormBuilder, EmdLite, emd_mb_meta
Shortcode Output
[contact-form] · [contact-widget]
FAQ

Frequently Asked Questions about Simple Contact Form Plugin for WordPress – WP Easy Contact