Does ZenForm have any unpatched vulnerabilities?

No. All known vulnerabilities in ZenForm have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is ZenForm compatible with WordPress 6.8.5?

According to WordPress.org data, ZenForm 1.0.2 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is ZenForm compatible with PHP 7.0+?

ZenForm requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is ZenForm updated?

ZenForm was last updated on Jul 29, 2025. Frequent updates are generally a positive security signal.

What is ZenForm's security score?

ZenForm has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ZenForm Security & Risk Analysis

wordpress.org/plugins/zenform

Create a professional contact form in under a minute. ZenForm is modern, responsive, and beginner-friendly — no clutter, no complexity, just results.

0 active installs v1.0.2 PHP 7.0+ WP 5.5+ Updated Jul 29, 2025

captcha-formcontact-formcustom-formform-builderforms

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is ZenForm Safe to Use in 2026?

Generally Safe

Score 100/100

ZenForm has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8mo ago

Risk Assessment

The "zenform" plugin v1.0.2 presents a mixed security posture. On the positive side, the plugin demonstrates strong practices in output escaping, with 99% of outputs being properly escaped, and robust use of prepared statements for SQL queries (89%). The absence of known CVEs and a clean vulnerability history are also significant strengths, suggesting a generally well-maintained codebase.

However, several critical concerns emerge from the static analysis. The plugin has a substantial attack surface, with 7 out of 8 entry points lacking authentication checks, specifically concerning the 7 unprotected AJAX handlers. Furthermore, the taint analysis reveals 3 flows with unsanitized paths, two of which are rated as high severity. This combination of unprotected entry points and unsanitized data flow represents a significant risk of potential exploitation, even without historical CVEs.

In conclusion, while the plugin benefits from good coding practices in output handling and database interaction, the lack of authentication on a majority of its entry points and the presence of high-severity unsanitized data flows create notable security vulnerabilities. The absence of historical vulnerabilities is encouraging but does not negate the immediate risks identified in the current code analysis.

Key Concerns

Unprotected AJAX handlers
High severity unsanitized taint flow
High severity unsanitized taint flow
Unsanitized path flow
Missing capability checks on AJAX handlers

Vulnerabilities

None known

ZenForm Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

ZenForm Code Analysis

Dangerous Functions

Raw SQL Queries

17 prepared

Unescaped Output

473 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

89% prepared19 total queries

Output Escaping

99% escaped479 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

4 flows3 with unsanitized paths

<app-toolbar-lower> (views\admin\app-toolbar-lower.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

7 unprotected

ZenForm Attack Surface

Entry Points8

Unprotected7

AJAX Handlers 7

authwp_ajax_joli_forms_crudcore\Hooks.php:89

authwp_ajax_joli_forms_email_previewcore\Hooks.php:90

authwp_ajax_joli_forms_send_test_emailcore\Hooks.php:91

authwp_ajax_zenform_submitcore\Hooks.php:96

noprivwp_ajax_zenform_submitcore\Hooks.php:97

authwp_ajax_generate_znf_captchacore\Hooks.php:100

noprivwp_ajax_generate_znf_captchacore\Hooks.php:101

Shortcodes 1

[zenform] core\Controllers\ShortcodesController.php:21

WordPress Hooks 15

actionafter_setup_themecore\Controllers\MenuController.php:39

filterinstall_plugins_nonmenu_tabscore\Controllers\WPJPluginsController.php:30

filterinstall_plugins_table_api_args_wpjolicore\Controllers\WPJPluginsController.php:34

filtersafe_style_csscore\Engine\ZenFormBuilder.php:210

actionwp_enqueue_scriptscore\Engine\ZenFormBuilder.php:337

actionadmin_initcore\Hooks.php:71

actionadmin_menucore\Hooks.php:73

actionadmin_initcore\Hooks.php:74

actioninitcore\Hooks.php:77

actioninitcore\Hooks.php:78

actionadmin_enqueue_scriptscore\Hooks.php:79

actionin_admin_headercore\Hooks.php:81

actionadmin_enqueue_scriptscore\Hooks.php:83

actionthe_postscore\Hooks.php:103

actioninitcore\Hooks.php:106

Maintenance & Trust

ZenForm Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJul 29, 2025

PHP min version7.0

Downloads221

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

ZenForm Alternatives

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

wpforms-lite

The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.

6.0M 13 CVEs

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

fluentform

Get a fast contact form plugin. Create advanced forms using drag and drop form builder with all smart features.

600K 27 CVEs

SureForms – Contact Form, Payment Form & Other Custom Form Builder

sureforms

The most beginner-friendly, AI Form Builder for WordPress to create contact forms, payment forms & other custom forms with advanced features, with …

400K 15 CVEs

Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder

everest-forms

The best WordPress form builder. Create contact forms, payment forms, conversational forms, custom forms, surveys, & quizzes using drag and drop.

100K 12 CVEs

Ultra Addons for Contact Form 7

ultimate-addons-for-contact-form-7

50+ Essential Addons for Contact Form 7 - Conditional Fields, Multi Step, Redirection, Columns, WooCommerce, Mailchimp & more

60K 13 CVEs

Developer Profile

ZenForm Developer Profile

WPJoli

4 plugins · 8K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

194 days

View full developer profile

Detection Fingerprints

How We Detect ZenForm

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/zenform/assets/css/admin/jli-admin-settings.css/wp-content/plugins/zenform/assets/js/admin/jli-admin-scripts.js/wp-content/plugins/zenform/vendor/wp-color-picker-alpha/wp-color-picker-alpha.min.js/wp-content/plugins/zenform/assets/css/admin/zenform-editor.css/wp-content/plugins/zenform/assets/css/public/zenform.css/wp-content/plugins/zenform/assets/js/admin/form-editor/znf-form-editor.js

Script Paths

/wp-content/plugins/zenform/assets/js/admin/jli-admin-scripts.js/wp-content/plugins/zenform/vendor/wp-color-picker-alpha/wp-color-picker-alpha.min.js/wp-content/plugins/zenform/assets/js/admin/form-editor/znf-form-editor.js

Version Parameters

zenform/assets/css/admin/jli-admin-settings.css?ver=zenform/assets/js/admin/jli-admin-scripts.js?ver=zenform/assets/css/admin/zenform-editor.css?ver=zenform/assets/css/public/zenform.css?ver=zenform/assets/js/admin/form-editor/znf-form-editor.js?ver=

HTML / DOM Fingerprints

CSS Classes

wpj-plugin-list-arrowwpj-plugins-content

Data Attributes

data-app-iddata-ajax-urldata-nonce

JS Globals

zenformAdmin

FAQ