Custom Contact Forms

Build custom forms and manage submissions the WordPress way. Gutenberg block, Cloudflare Turnstile, and anti-spam protection.

v7.9.1outlawgtUpdated 5 days agoAdded 16 years ago6k+ installs70% rating0% support resolved

contact form custom form form builder spam protection turnstile

Score

Errors

106

Warnings

Change

Category Scores

Security0

Repo94

Performance100

Maintainability76

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

118 findings

Security

5 issue groups

Maintainability

10 issue groups

I18n

1 issue group

Repo Compliance

1 issue group

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.68

Category: Security
Occurrences: 68
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.19

Category: Security
Occurrences: 19
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.5

Category: Maintainability
Occurrences: 5
Severity: warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().5

Category: Maintainability
Occurrences: 5
Severity: warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching

WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_FILES[$file_key]['error']. Check that the array index exists before using it.5

Category: Security
Occurrences: 5
Severity: warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_FILES[$file_key]['error']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated

ERRORMaintainabilityfile system operations fcloseFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().3

Category: Maintainability
Occurrences: 3
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

WordPress.WP.AlternativeFunctions.file_system_operations_fclose

ERRORMaintainabilitywp function not compatible with requires wpFunction "wp_date()" requires WordPress 5.3.0, but your plugin minimum supported version is WordPress 5.0.0.3

Category: Maintainability
Occurrences: 3
Severity: error

Sample message

Function "wp_date()" requires WordPress 5.3.0, but your plugin minimum supported version is WordPress 5.0.0.

wp_function_not_compatible_with_requires_wp Reference

WARNINGI18nDiscouraged text-domain loadingload_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.1

Category: I18n
Occurrences: 1
Severity: warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFound Reference

ERRORMaintainabilityOffloaded ContentFound call to wp_enqueue_script() with external resource. Offloading scripts to your servers or any remote service is disallowed.1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

Found call to wp_enqueue_script() with external resource. Offloading scripts to your servers or any remote service is disallowed.

PluginCheck.CodeAnalysis.EnqueuedResourceOffloading.OffloadedContent

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_POST['ccf_field_' . $slug]1

Category: Security
Occurrences: 1
Severity: warning

Sample message

Detected usage of a non-sanitized input variable: $_POST['ccf_field_' . $slug]

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

Show 7 more

WARNINGSecurityRequest data is not unslashed1

Category: Security
Occurrences: 1
Severity: warning

Sample message

$_SERVER['SERVER_NAME'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash

ERRORMaintainabilityfile system operations fopen1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().

WordPress.WP.AlternativeFunctions.file_system_operations_fopen

ERRORMaintainabilityfile system operations fread1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fread().

WordPress.WP.AlternativeFunctions.file_system_operations_fread

ERRORMaintainabilityfile system operations fwrite1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().

WordPress.WP.AlternativeFunctions.file_system_operations_fwrite

WARNINGMaintainabilityMissing Version1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.

WordPress.WP.EnqueuedResourceParameters.MissingVersion

ERRORMaintainabilitylibrary core files1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

Library files that are already in the WordPress core are not permitted.

library_core_files

ERRORRepo Complianceoutdated tested upto header1

Category: Repo Compliance
Occurrences: 1
Severity: error

Sample message

Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

outdated_tested_upto_header Reference

External Connections

Potential connections found in static code analysis.

11 domains

Outbound calls

External assets

Incoming endpoints

Notable Domains

oiopublisher.com2 · outbound

php-fig.org2 · outbound

bugs.php.net1 · outbound

dash.cloudflare.com1 · outbound

developer.mozilla.org1 · outbound

Platform / Reference Domains

wordpress.org4 · platform/reference

w3.org2 · platform/reference

codex.wordpress.org1 · platform/reference

gnu.org1 · platform/reference

External Asset Domains

google.com6 · asset + outbound

challenges.cloudflare.com2 · asset + outbound

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints1

wp_ajax_ccf_send_test_emailauthenticated

wp_ajax

Score History

First score snapshot

yesterday

v7.9.1

Latest

Findings: 118
Errors: 12
Warnings: 106
Check: 2.0.0

Scan	Score	Findings	Errors	Warnings	Plugin	Check
yesterdayLatest	39	118	12	106	v7.9.1	2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Loading map

PluginAuthorCategoryIssueDomainRelated

Relationship links

Issue

Domain

Related Plugins

Add Password Field for Contact Form 7

3k+ active installs

100

Contact Form Query

1k+ active installs

100

Dam Spam

1k+ active installs

100

Style Contact Form 7

1k+ active installs

100

WS Form LITE – Drag & Drop Contact Form Builder

10k+ active installs

100

ACF Field For CF7

10k+ active installs