
WP Inquiries Security & Risk Analysis
wordpress.org/plugins/wp-inquiriesA simple contact form plugin that record inquiries.
Is WP Inquiries Safe to Use in 2026?
Use With Caution
Score 64/100WP Inquiries has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The wp-inquiries plugin version 0.2.1 demonstrates a mixed security posture. On the positive side, it exhibits strong adherence to secure coding practices, with all identified SQL queries utilizing prepared statements and all output being properly escaped. The plugin also correctly implements nonce and capability checks for its AJAX handlers, and it has a small attack surface with no directly unprotected entry points. File operations and external HTTP requests are also absent, further reducing potential risks.
However, there are notable concerns. The taint analysis revealed one flow with an unsanitized path, which is flagged as high severity. This suggests a potential vulnerability where user-supplied input might be used in a way that could lead to unintended consequences or exploits. Furthermore, the plugin has a history of known vulnerabilities, including one medium severity SQL injection vulnerability that is currently unpatched. This ongoing unpatched vulnerability, combined with the high severity taint flow, indicates a need for immediate attention.
In conclusion, while wp-inquiries v0.2.1 has implemented several good security practices, the presence of a high-severity taint flow and an unpatched medium-severity SQL injection vulnerability present significant risks. The plugin's history of vulnerabilities, particularly SQL injection, combined with the current unpatched state, suggests a pattern that requires vigilance and prompt remediation. Users should prioritize updating to a patched version or be aware of the risks associated with the current version.
Key Concerns
- Unpatched CVE (Medium SQLi)
- High severity taint flow (unsanitized path)
WP Inquiries Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
WP Inquiries <= 0.2.1 - Authenticated (Administrator+) SQL Injection
WP Inquiries Release Timeline
WP Inquiries Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
WP Inquiries Attack Surface
AJAX Handlers 2
Shortcodes 1
WordPress Hooks 5
Maintenance & Trust
WP Inquiries Maintenance & Trust
Maintenance Signals
Community Trust
WP Inquiries Alternatives
Product Enquiry for WooCommerce
product-enquiry-for-woocommerce
Product Enquiry allows prospective customers to "Make an Enquiry" about a product, or "Request a Quote" right from within the product page.
Front End PM
front-end-pm
Front End PM is a Private Messaging system and a secure contact form to your WordPress site.This is full functioning messaging system from front end.
Popups – Submission Messages For Contact Form 7
cf7-popups
Display contact form 7 default messages in stylish popup as user submits the form.
CF7 Submissions – Securely Store Contact Form 7 Data and Attachments, Reply to the Sender and more
cf7-submissions
Securely Store and Manage CF7 Submissions Hassle-Free
Contact Form 7 Translate Messages Extension
cf7-translate-messages-extension
Translate default Contact Form 7 messages without changing WordPress profile language.
WP Inquiries Developer Profile
1 plugin · 10 total installs
How We Detect WP Inquiries
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/wp-inquiries/css/wp-inquiries.css/wp-content/plugins/wp-inquiries/js/wp-inquiries.js/wp-content/plugins/wp-inquiries/js/wp-inquiries.jswp-inquiries/css/wp-inquiries.css?ver=wp-inquiries/js/wp-inquiries.js?ver=HTML / DOM Fingerprints
inquiries-formdata-sendinginquiries_ajax_object/wp-inquiries/v0/inquiries/wp-inquiries/v0/inquiry/(?P<id>[\d]+)<form method="post" class="inquiries-form"><input type="text" name="inquiry_name"<input type="email" name="inquiry_email"<textarea name="inquiry_message"