Zu Contact Security & Risk Analysis

wordpress.org/plugins/zu-contact

Simple but smart and modern Ajax contact form. With Form Blocks and Gutenberg based settings page.

0 active installs · v1.1.5 · PHP 7.2.0+ · WP 5.3.0+ · Updated Jan 11, 2022
ajax · contact-form · email · feedback · gutenberg
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Zu Contact Safe to Use in 2026?

Generally Safe

Score 85/100

Zu Contact has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4yr ago
Risk Assessment

The plugin "zu-contact" v1.1.5 demonstrates a generally good security posture: it has no known vulnerabilities in its history, and static analysis shows a solid implementation of security best practices. The absence of known CVEs and the plugin's consistent adherence to prepared statements for SQL queries, alongside a high percentage of properly escaped output, are significant strengths. The limited attack surface, consisting of only two shortcodes and no AJAX or REST API endpoints without authentication, further reduces the potential for direct exploitation.

However, the static analysis does reveal a couple of areas that warrant attention. Specifically, the taint analysis indicates two flows with unsanitized paths, although these are not classified as critical or high severity. This suggests a potential, albeit low-level, risk of improper handling of user-supplied data that could lead to unexpected behavior or information disclosure in specific scenarios. The presence of file operations without further context on their sanitization is also a minor concern.

Overall, "zu-contact" v1.1.5 is a relatively secure plugin. Its strengths lie in its clean vulnerability history and robust implementation of core security measures like prepared statements and output escaping. The identified taint flows, while not critical, are the primary area for improvement to further harden the plugin's security. The lack of any previously recorded vulnerabilities is a positive indicator of the developers' diligence.

Key Concerns

  • Flows with unsanitized paths
  • File operations without clear sanitization context
Vulnerabilities
None known

Zu Contact Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Zu Contact Release Timeline

v1.1.5 (Current)
v1.1.3
v1.1.2
v1.1.0
v1.0.8-wp
Code Analysis
Analyzed Mar 17, 2026

Zu Contact Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 2 (21 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 7
External Requests: 0
Bundled Libraries: 0

Output Escaping

91% escaped · 23 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
verify_response (includes\traits\recaptcha.php:89)
Attack Surface

Zu Contact Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes: 2

[zu-contact] includes\traits\shortcode.php:7
[zu-booking] includes\traits\shortcode.php:8
WordPress Hooks: 33

action phpmailer_init includes\traits\mailer.php:11
action wp_mail_failed includes\traits\mailer.php:12
filter wp_mail_content_type includes\traits\mailer.php:121
action admin_notices zukit\load.php:136
filter body_class zukit\snippets\traits\classes.php:24
filter admin_body_class zukit\snippets\traits\classes.php:32
filter pre_render_block zukit\snippets\traits\content.php:132
action admin_footer zukit\snippets\traits\inline.php:15
action admin_footer zukit\snippets\traits\inline.php:16
action wp_footer zukit\snippets\traits\inline.php:18
action wp_footer zukit\snippets\traits\inline.php:19
filter custom_menu_order zukit\traits\admin-menu.php:16
action admin_init zukit\traits\admin.php:39
action admin_enqueue_scripts zukit\traits\admin.php:44
action admin_menu zukit\traits\admin.php:50
action rest_api_init zukit\traits\ajax-rest.php:142
action rest_api_init zukit\traits\ajax-rest.php:143
action init zukit\traits\debug.php:47
filter script_loader_tag zukit\traits\scripts.php:14
action enqueue_block_editor_assets zukit\zukit-blocks.php:44
action enqueue_block_assets zukit\zukit-blocks.php:45
action wp_enqueue_scripts zukit\zukit-blocks.php:46
filter zukit_no_excerpt_blocks zukit\zukit-blocks.php:111
action init zukit\zukit-plugin.php:93
action init zukit\zukit-plugin.php:94
action admin_init zukit\zukit-plugin.php:96
action admin_init zukit\zukit-plugin.php:97
action wp_enqueue_scripts zukit\zukit-plugin.php:99
action wp_enqueue_scripts zukit\zukit-plugin.php:100
action admin_enqueue_scripts zukit\zukit-plugin.php:103
action admin_enqueue_scripts zukit\zukit-plugin.php:105
action admin_enqueue_scripts zukit\zukit-plugin.php:106
action after_setup_theme zukit\zukit-plugin.php:109

Maintenance & Trust

Zu Contact Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.8.13
Last updated: Jan 11, 2022
PHP min version: 7.2.0
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0

Developer Profile

Zu Contact Developer Profile

Dmitry

2 plugins · 0 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Zu Contact

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/zu-contact/dist/js/
/wp-content/plugins/zu-contact/dist/css/
Script Paths
/wp-content/plugins/zu-contact/dist/js/zu-contact.min.js
/wp-content/plugins/zu-contact/dist/js/zukit.js
Version Parameters
zu-contact.min.js?ver=
zukit.js?ver=

HTML / DOM Fingerprints

JS Globals
zucontact_jsdata