WPForms – AI Form Builder for WordPress – Contact Forms, Payment Forms, Survey Form, Quiz & More

The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.

v1.10.2.1Syed BalkhiUpdated 4 days agoAdded 10 years ago5m+ installs96% rating89% support resolved

contact form contact form plugin custom form form builder forms

Score

165

Errors

273

Warnings

Change

Category Scores

Security0

Repo97

Performance100

Maintainability35

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

438 findings

Maintainability

288

13 issue groups

Security

149

2 issue groups

Repo Compliance

1 issue group

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$active_network_plugins".191

Category: Maintainability
Occurrences: 191
Severity: warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$active_network_plugins".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'wpforms_datetime_format'.90

Category: Security
Occurrences: 90
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'wpforms_datetime_format'.

WordPress.Security.EscapeOutput.OutputNotEscaped Reference

WARNINGSecurityDatabase parameter is not escapedUnescaped parameter $clause used in $wpdb->get_row()\n$clause used without escaping.59

Category: Security
Occurrences: 59
Severity: warning

Sample message

Unescaped parameter $clause used in $wpdb->get_row()\n$clause used without escaping.

PluginCheck.Security.DirectDB.UnescapedDBParameter

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;32

Category: Maintainability
Occurrences: 32
Severity: error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protection Reference

ERRORMaintainabilitybadly named filesFile and folder names must not contain spaces or special characters.27

Category: Maintainability
Occurrences: 27
Severity: error

Sample message

File and folder names must not contain spaces or special characters.

badly_named_files

WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "https_local_ssl_verify".14

Category: Maintainability
Occurrences: 14
Severity: warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "https_local_ssl_verify".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound

ERRORMaintainabilitywp function not compatible with requires wpFunction "wp_get_sidebar()" requires WordPress 5.9.0, but your plugin minimum supported version is WordPress 5.5.0.11

Category: Maintainability
Occurrences: 11
Severity: error

Sample message

Function "wp_get_sidebar()" requires WordPress 5.9.0, but your plugin minimum supported version is WordPress 5.5.0.

wp_function_not_compatible_with_requires_wp Reference

WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "_wpforms_get_hierarchical_object_flatten".3

Category: Maintainability
Occurrences: 3
Severity: warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "_wpforms_get_hierarchical_object_flatten".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound

WARNINGMaintainabilitytrademarked termThe plugin name includes a restricted term. Your chosen plugin name - "WPForms - AI Form Builder for WordPress - Contact Forms, Payment Forms, Survey Form, Quiz & More" - contains the restricted term "wordpress" which cannot be used at all in your plugin name.3

Category: Maintainability
Occurrences: 3
Severity: warning

Sample message

The plugin name includes a restricted term. Your chosen plugin name - "WPForms - AI Form Builder for WordPress - Contact Forms, Payment Forms, Survey Form, Quiz & More" - contains the restricted term "wordpress" which cannot be used at all in your plugin name.

trademarked_term

ERRORMaintainabilitylibrary core filesLibrary files that are already in the WordPress core are not permitted.2

Category: Maintainability
Occurrences: 2
Severity: error

Sample message

Library files that are already in the WordPress core are not permitted.

library_core_files

Show 6 more

ERRORMaintainabilityForbidden PHP function found1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

The use of function wp_get_sidebars_widgets() is forbidden

Generic.PHP.ForbiddenFunctions.Found

ERRORMaintainabilityNot Allowed1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead

PluginCheck.CodeAnalysis.Heredoc.NotAllowed

ERRORMaintainabilityPlugin Directory Write1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

Plugin folders are deleted when upgraded. Do not save data to the plugin folder using unzip_file(). Detected usage of constant WP_CONTENT_DIR. Use wp_upload_dir() to get the uploads directory path or save to the database instead.

PluginCheck.CodeAnalysis.WriteFile.PluginDirectoryWrite

WARNINGMaintainabilitymismatched plugin name1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

Plugin name "WPForms - AI Form Builder for WordPress - Contact Forms, Payment Forms, Survey Form, Quiz & More" is different from the name declared in plugin header "WPForms Lite".

mismatched_plugin_name Reference

WARNINGMaintainabilitymissing composer json file1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

The "/vendor" directory using composer exists, but "composer.json" file is missing.

missing_composer_json_file Reference

WARNINGRepo Compliancereadme parser warnings trimmed short description1

Category: Repo Compliance
Occurrences: 1
Severity: warning

Sample message

The "Short Description" section is too long and was truncated. A maximum of 150 characters is supported.

readme_parser_warnings_trimmed_short_description

External Connections

Potential connections found in static code analysis.

55 domains

Outbound calls

259

External assets

Incoming endpoints

Notable Domains

wpforms.com106 · outbound

api.constantcontact.com5 · outbound

facebook.com4 · outbound

fontawesome.com4 · outbound

smashballoon.com4 · outbound

monsterinsights.com3 · outbound

Platform / Reference Domains

w3.org21 · platform/reference

wordpress.org20 · platform/reference

downloads.wordpress.org18 · platform/reference

github.com16 · platform/reference

opensource.org2 · platform/reference

gnu.org1 · platform/reference

External Asset Domains

youtube-nocookie.com2 · asset

Incoming Endpoints

wp_ajax_nopriv_wpforms_restricted_emailpublic

wp_ajax

wp_ajax_nopriv_wpforms_submitpublic

wp_ajax

Admin AJAX endpoints37

wp_ajax_wpforms_activate_addonauthenticated

wp_ajax

wp_ajax_wpforms_admin_form_embed_wizard_embed_page_urlauthenticated

wp_ajax

wp_ajax_wpforms_admin_form_embed_wizard_search_pages_choicesjsauthenticated

wp_ajax

wp_ajax_wpforms_admin_forms_overview_delete_tagsauthenticated

wp_ajax

wp_ajax_wpforms_admin_forms_overview_save_columns_orderauthenticated

wp_ajax

wp_ajax_wpforms_admin_forms_overview_save_tagsauthenticated

wp_ajax

wp_ajax_wpforms_ajax_search_pages_for_dropdownauthenticated

wp_ajax

wp_ajax_wpforms_builder_dynamic_choicesauthenticated

wp_ajax

wp_ajax_wpforms_builder_dynamic_sourceauthenticated

wp_ajax

wp_ajax_wpforms_builder_increase_next_field_idauthenticated

wp_ajax

wp_ajax_wpforms_builder_load_panelauthenticated

wp_ajax

wp_ajax_wpforms_builder_save_internal_information_checkboxauthenticated

wp_ajax

25 more hidden

Score History

2 score snapshots

4 days ago

v1.10.2.1

Latest

Findings: 438
Errors: 165
Warnings: 273
Check: 2.0.0

10 days ago

v1.10.2

Score

Findings: 436
Errors: 165
Warnings: 271
Check: 2.0.0

Scan	Score	Findings	Errors	Warnings	Plugin	Check
4 days agoLatest	32	438	165	273	v1.10.2.1	2.0.0
10 days ago	31	436	165	271	v1.10.2	2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Loading map

PluginAuthorCategoryIssueDomainRelated

Relationship links

Issue

Domain

wpforms.com106 signals api.constantcontact.com5 signals facebook.com4 signals fontawesome.com4 signals smashballoon.com4 signals monsterinsights.com3 signals aioseo.com2 signals chartjs.org2 signals

Related Plugins

Add Password Field for Contact Form 7

3k+ active installs

100

Contact Form Query

1k+ active installs

100

NEX-Forms ADD ON – Super Select

1k+ active installs

100

Style Contact Form 7

1k+ active installs

100

WS Form LITE – Drag & Drop Contact Form Builder

10k+ active installs

100

ACF Field For CF7

10k+ active installs