wp simple ajax contact form Security & Risk Analysis

wordpress.org/plugins/wp-simple-ajax-contact-form

Have a simple ajax contact form in your WordPress theme and pages. Ajax contact plugin.

10 active installs · v3.0 · PHP + · WP 3.0+ · Updated Apr 3, 2018
Score: 85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is wp simple ajax contact form Safe to Use in 2026?

Generally Safe

Score 85/100

wp simple ajax contact form has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The wp-simple-ajax-contact-form v3.0 plugin presents a mixed security posture. While it demonstrates good practices in several areas, such as the absence of dangerous functions, raw SQL queries, file operations, external HTTP requests, and known vulnerabilities, significant concerns exist regarding its attack surface and output sanitization. The plugin exposes two AJAX handlers without any authentication checks, creating a direct entry point for attackers to potentially exploit. Furthermore, a large percentage of output is not properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is included in these outputs. The lack of any recorded historical vulnerabilities might suggest a low profile or diligent patching by developers, but it does not mitigate the immediate risks identified in the static analysis. Overall, the strengths in secure SQL handling and the absence of known CVEs are overshadowed by the critical weaknesses in authentication for AJAX endpoints and output escaping, demanding immediate attention.

Key Concerns

  • AJAX handlers without auth checks
  • Low percentage of properly escaped output
  • No nonce checks on AJAX handlers
  • No capability checks on AJAX handlers
Vulnerabilities
None known

wp simple ajax contact form Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

wp simple ajax contact form Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

wp simple ajax contact form Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 24 (3 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

11% escaped · 27 total outputs
Attack Surface
2 unprotected

wp simple ajax contact form Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers: 2

  • auth: wp_ajax_wp_simple_ajax_contact_form_send (index.php:142)
  • nopriv: wp_ajax_wp_simple_ajax_contact_form_send (index.php:143)

Shortcodes: 1

  • [wp_simple_ajax_contact_form] (index.php:86)

WordPress Hooks: 3

  • action: admin_menu (contact_menu_setup.php:3)
  • action: wp_enqueue_scripts (index.php:30)
  • filter: wp_footer (index.php:32)
Maintenance & Trust

wp simple ajax contact form Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Apr 3, 2018
PHP min version
Downloads: 6K

Community Trust

Rating: 96/100
Number of ratings: 4
Active installs: 10
Alternatives

wp simple ajax contact form Alternatives

No alternatives data available yet.

Developer Profile

wp simple ajax contact form Developer Profile

Arash Heidari

2 plugins · 30 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect wp simple ajax contact form

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wp-simple-ajax-contact-form/css/style.css
  • /wp-content/plugins/wp-simple-ajax-contact-form/js/fixed-icon.js
  • /wp-content/plugins/wp-simple-ajax-contact-form/js/contact-form.js
Script Paths
  • plugins/wp-simple-ajax-contact-form/js/fixed-icon.js
  • plugins/wp-simple-ajax-contact-form/js/contact-form.js

HTML / DOM Fingerprints

CSS Classes
  • slide-out-div
  • handle
  • wp-simple-ajax-contact-form-email-valid
  • wp-simple-ajax-contact-form-email-empty
  • wp-simple-ajax-contact-form-mgs-valid
  • wp-simple-ajax-contact-form-name-valid
  • sending
Data Attributes
  • id="wp-simple-ajax-contact-form"
  • name="wp_simple_ajax_contact_form_name"
  • id="wp-simple-ajax-contact-form-name"
  • name="wp_simple_ajax_contact_form_email"
  • id="wp-simple-ajax-contact-form-email"
  • name="wp_simple_ajax_contact_form_mgs"
  • +4 more
JS Globals
wp_simple_ajax_contact_form_ajaxurl
Shortcode Output
  • <div id="wp-simple-ajax-contact-form">
  • <form name="myform" id="myform" method="POST">
  • <input type="text" name="wp_simple_ajax_contact_form_name"
  • <input type="text" name="wp_simple_ajax_contact_form_email"