WP-Safety

Yeem Contact Form Security & Risk Analysis

wordpress.org/plugins/yeem-contact-form

Yeem Contact Form is a simple contact form plugin with very easy to use form builder.

10 active installs v1.0.0 PHP + WP 4.7.5+ Updated Aug 19, 2017
contact-formeasy-contact-formsimple-contact-formyeem
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Yeem Contact Form Safe to Use in 2026?

Generally Safe

Score 85/100

Yeem Contact Form has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The "yeem-contact-form" plugin version 1.0.0 presents a concerning security posture primarily due to its unprotected entry points. While the code signals indicate a lack of dangerous functions, no SQL queries, and a high percentage of output escaping, the presence of five AJAX handlers without any authentication checks is a significant weakness. This means any unauthenticated user could potentially interact with these handlers, opening the door to various attacks.

The taint analysis, although limited in scope with only two flows analyzed, did reveal two flows with unsanitized paths. While these did not escalate to critical or high severity, it suggests a potential for code injection or other vulnerabilities if these paths are exploited in combination with other weaknesses or if the scope of analysis was wider.

The plugin's vulnerability history is clean, with zero known CVEs. This is a positive indicator, suggesting the developers may have good security practices or the plugin hasn't been widely targeted or scrutinized. However, this does not negate the risks identified in the static analysis. The plugin's strengths lie in its internal code quality regarding SQL and output handling, but these are overshadowed by its exposed attack surface.

Key Concerns

  • Unprotected AJAX handlers
  • Taint flows with unsanitized paths
  • No nonce checks on AJAX handlers
  • No capability checks
Vulnerabilities
None known

Yeem Contact Form Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Yeem Contact Form Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
3
22 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

88% escaped25 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
yeem_save_form (admin\class-yeem-contact-form-admin.php:273)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
5 unprotected

Yeem Contact Form Attack Surface

Entry Points6
Unprotected5

AJAX Handlers 5

authwp_ajax_yeem_save_formincludes\class-yeem-contact-form.php:161
authwp_ajax_yeem_get_formelementsincludes\class-yeem-contact-form.php:162
noprivwp_ajax_yeem_sendmailincludes\class-yeem-contact-form.php:183
authwp_ajax_yeem_sendmailincludes\class-yeem-contact-form.php:184
noprivwp_ajax_yeem_get_formelementsincludes\class-yeem-contact-form.php:185

Shortcodes 1

[yeem_contact_form] includes\class-yeem-contact-form.php:188
WordPress Hooks 11
actionplugins_loadedincludes\class-yeem-contact-form.php:139
actionadmin_enqueue_scriptsincludes\class-yeem-contact-form.php:154
actionadmin_enqueue_scriptsincludes\class-yeem-contact-form.php:155
actionadmin_initincludes\class-yeem-contact-form.php:158
actionadmin_menuincludes\class-yeem-contact-form.php:159
actionwp_enqueue_scriptsincludes\class-yeem-contact-form.php:176
actionwp_enqueue_scriptsincludes\class-yeem-contact-form.php:177
filterwp_mail_fromincludes\class-yeem-contact-form.php:180
filterwp_mail_from_nameincludes\class-yeem-contact-form.php:181
filterwp_mail_content_typeincludes\class-yeem-contact-form.php:182
actioninitincludes\class-yeem-contact-form.php:186
Maintenance & Trust

Yeem Contact Form Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28
Last updatedAug 19, 2017
PHP min version
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Yeem Contact Form Alternatives

AKM Feedback Form

AKM Feedback Form

akm-feedback-form

A
85

Just insert the [AKMFORM] shortcode in pages of your WordPress site to display a simple and easy to use Feedback form.

10 No CVEs
Simple Contact Form Plugin for WordPress – WP Easy Contact

Simple Contact Form Plugin for WordPress – WP Easy Contact

wp-easy-contact

A
95

Simple contact form with a searchable contact list. Collect, store and manage submissions in one place.

40 4 CVEs
ALIDANI Contact forms

ALIDANI Contact forms

alidani-contact-form

A
85

Contact form with visual form builder. Contact form that sends the data to email, to a database list and easy to update the content.

10 No CVEs
FEP Contact Form

FEP Contact Form

fep-contact-form

A
85

FEP Contact Form is a secure contact form to your WordPress site.This can be used with Front End PM or without.

10 No CVEs
OweBest Contact Form

OweBest Contact Form

ob-contact-form

A
100

OweBest Contact form is a simple contact form which works out of the box. Use shortcode on posts or pages to generate OweBest Contact Form.

10 No CVEs
Developer Profile

Yeem Contact Form Developer Profile

kurky17

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Yeem Contact Form

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/yeem-contact-form/admin/css/yeem-contact-form-admin.css
Script Paths
/wp-content/plugins/yeem-contact-form/admin/js/yeem-contact-form-admin.js
Version Parameters
yeem-contact-form-admin

HTML / DOM Fingerprints

HTML Comments
YEEMYEEMYEEM
JS Globals
yeemScriptObj
FAQ

Frequently Asked Questions about Yeem Contact Form