WP Simple Forms Security & Risk Analysis

wordpress.org/plugins/wp-simple-forms

Adding forms to a webpage has never been easier. Quickly create dropdowns, checkboxes, multiple choice, and text questions for any page on your site.

20 active installs · v0.1.4 · PHP + WP 3.4+ · Updated Jan 2, 2013
wp-simple-forms
Score: 85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Simple Forms Safe to Use in 2026?

Generally Safe

Score 85/100

WP Simple Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 13yr ago
Risk Assessment

The "wp-simple-forms" v0.1.4 plugin exhibits a mixed security posture. While it boasts a clean vulnerability history with no recorded CVEs and avoids dangerous functions, file operations, and external HTTP requests, significant concerns arise from its static analysis results. A notable weakness is the complete lack of output escaping, meaning any data displayed to users could be vulnerable to injection attacks. Furthermore, the plugin has two AJAX handlers that lack authentication checks, creating direct entry points for unauthenticated users to potentially trigger unintended actions or expose sensitive information.

The taint analysis reveals one flow with an unsanitized path, although it is not categorized as critical or high severity. This suggests a potential for path traversal or file manipulation vulnerabilities, even if not immediately exploitable at a high level. The SQL query practices are moderately secure, with 60% using prepared statements, but the remaining 40% are potentially vulnerable to SQL injection if not properly sanitized.

Overall, the absence of critical vulnerabilities in its history is a positive sign, suggesting responsible development practices. However, the identified weaknesses in output escaping and unprotected AJAX handlers present clear risks that should be addressed. The plugin's strengths lie in its avoidance of known dangerous patterns, but its unprotected entry points and unescaped output detract significantly from its security.

Key Concerns

  • AJAX handlers without auth checks
  • Output escaping missing
  • Unsanitized path in taint analysis
  • SQL queries without prepared statements (40%)
Vulnerabilities
None known

WP Simple Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Simple Forms Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 8 (12 prepared)
Unescaped Output: 16 (0 escaped)
Nonce Checks: 6
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

60% prepared · 20 total queries

Output Escaping

0% escaped · 16 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<wpsf_settings> (wpsf_settings.php:0)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
2 unprotected

WP Simple Forms Attack Surface

Entry Points: 10
Unprotected: 2

AJAX Handlers 9

auth · wp_ajax_saveAnswers · ajax.php:4
nopriv · wp_ajax_saveAnswers · ajax.php:5
auth · wp_ajax_rearrange-elements · ajax.php:74
auth · wp_ajax_get-saved-elements · ajax.php:116
nopriv · wp_ajax_get-saved-elements · ajax.php:117
auth · wp_ajax_save-question-template · ajax.php:191
auth · wp_ajax_save-custom-question · ajax.php:218
auth · wp_ajax_delete-custom-question · ajax.php:294
auth · wp_ajax_delete-template · ajax.php:330

Shortcodes 1

[simpleform] shortcode.php:44
WordPress Hooks 3
filter · plugin_action_links · functions.php:17
action · admin_menu · functions.php:27
action · admin_init · functions.php:28
Maintenance & Trust

WP Simple Forms Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.4.2
Last updated: Jan 2, 2013
PHP min version:
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 20
Alternatives

WP Simple Forms Alternatives

No alternatives data available yet.

Developer Profile

WP Simple Forms Developer Profile

delaney.p.brown

1 plugin · 20 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Simple Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-simple-forms/admin-style.css
/wp-content/plugins/wp-simple-forms/plugins/deletable.js
/wp-content/plugins/wp-simple-forms/js/notify.js
/wp-content/plugins/wp-simple-forms/js/form.elements.js
/wp-content/plugins/wp-simple-forms/style.css
Script Paths
/wp-content/plugins/wp-simple-forms/plugins/deletable.js
/wp-content/plugins/wp-simple-forms/js/notify.js
/wp-content/plugins/wp-simple-forms/js/form.elements.js
Version Parameters
wp-simple-forms/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
cd-error
Shortcode Output
<p class="cd-error">Error: Please make sure all required fields are filled in.</p>
FAQ

Frequently Asked Questions about WP Simple Forms