Contact Form Generator : Creative form builder for WordPress

Contact Form Generator is a creative and powerful contact form builder! You will get ready-to-use forms in 5 minutes!

v2.9.1Creative-SolutionsUpdated Added 800 installs88% rating
27
Score
1,076
Errors
1,510
Warnings
+0
Change

Category Scores

Security0
Repo83
Performance97
Maintainability23

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

2,586 findings

Security

1,475

12 issue groups

Maintainability

1,101

11 issue groups

I18n

2

1 issue group

Performance

2

1 issue group

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$border_bottom_width"'.974
Category
Security
Occurrences
974
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$border_bottom_width"'.

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$act".920
Category
Maintainability
Occurrences
920
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$act".

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.176
Category
Security
Occurrences
176
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.95
Category
Security
Occurrences
95
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGSecurityRequest data is not unslashed$_GET['act'] not unslashed before sanitization. Use wp_unslash() or similar92
Category
Security
Occurrences
92
Severity
warning

Sample message

$_GET['act'] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.73
Category
Maintainability
Occurrences
73
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().73
Category
Maintainability
Occurrences
73
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $forms_sql57
Category
Security
Occurrences
57
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $forms_sql

ERRORSecurityDatabase parameter is not escapedUnescaped parameter $forms_sql used in $wpdb->get_results()33
Category
Security
Occurrences
33
Severity
error

Sample message

Unescaped parameter $forms_sql used in $wpdb->get_results()

WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_POST['data']. Check that the array index exists before using it.24
Category
Security
Occurrences
24
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['data']. Check that the array index exists before using it.

Show 15 more
WARNINGSecurityInput is not sanitized18
Category
Security
Occurrences
18
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_POST['data']

WARNINGMaintainabilityNot In Footer12
Category
Maintainability
Occurrences
12
Severity
warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

WARNINGMaintainabilityNon-prefixed function11
Category
Maintainability
Occurrences
11
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "close_accordion".

ERRORMaintainabilitystrip tags strip tags5
Category
Maintainability
Occurrences
5
Severity
error

Sample message

strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.

WARNINGSecurityInterpolated SQL is not prepared2
Category
Security
Occurrences
2
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $ids_placeholder at " WHERE `id` IN ($ids_placeholder)"

WARNINGSecurityUnnecessary Prepare2
Category
Security
Occurrences
2
Severity
warning

Sample message

It is not necessary to prepare a query which doesn't use variable replacement.

WARNINGMaintainabilityslow db query meta key2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Detected usage of meta_key, possible slow query.

WARNINGMaintainabilityslow db query meta value2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Detected usage of meta_value, possible slow query.

ERRORI18nMissing Arg Domain2
Category
I18n
Occurrences
2
Severity
error

Sample message

Missing $domain parameter in function call to esc_html__().

WARNINGPerformancePost Not In exclude2
Category
Performance
Occurrences
2
Severity
warning

Sample message

Using exclusionary parameters, like exclude, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.

ERRORSecuritySetting is missing a sanitization callback1
Category
Security
Occurrences
1
Severity
error

Sample message

Sanitization missing for register_setting().

WARNINGSecurityUnfinished Prepare1
Category
Security
Occurrences
1
Severity
warning

Sample message

Replacement variables found, but no valid placeholders found in the query.

ERRORMaintainabilitydate date1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WARNINGMaintainabilityNon-prefixed class1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "contactformgenerator_widget".

WARNINGMaintainabilityprevent path disclosure error reporting1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

error_reporting() can lead to full path disclosure.

External Connections

Potential connections found in static code analysis.

14 domains

Outbound calls

58

External assets

0

Incoming endpoints

2

Notable Domains

fonts.googleapis.com10 · outbound
jqueryui.com7 · outbound
google.com3 · outbound
gspeech.io3 · outbound
cfg-solutions.net2 · outbound

Platform / Reference Domains

wordpress.org3 · platform/reference
w3.org2 · platform/reference
gnu.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

wp_ajax_nopriv_cfgen_send_emailpublic

wp_ajax

Admin AJAX endpoints1
wp_ajax_cfgen_send_emailauthenticated

wp_ajax

Score History

First score snapshot

v2.9.1

27

Latest

Findings
2,586
Errors
1,076
Warnings
1,510
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins

Contact Form Query

1k+ active installs

100
100
Style Contact Form 7

1k+ active installs

100
ACF Field For CF7

10k+ active installs

99