WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.

v1.10.2Syed BalkhiUpdated 3 days agoAdded 10 years ago5m+ installs96% rating95% support resolved

contact form contact form plugin custom form form builder forms

Score

165

Errors

271

Warnings

Change

Category Scores

Security0

Repo94

Performance100

Maintainability35

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

436 findings

Maintainability

285

13 issue groups

Security

149

2 issue groups

Repo Compliance

2 issue groups

WARNINGMaintainabilityNon Prefixed Variable FoundGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$active_network_plugins".188

Category: Maintainability
Occurrences: 188
Severity: warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$active_network_plugins".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound

ERRORSecurityOutput Not EscapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'wpforms_datetime_format'.90

Category: Security
Occurrences: 90
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'wpforms_datetime_format'.

WordPress.Security.EscapeOutput.OutputNotEscaped Reference

WARNINGSecurityUnescaped DBParameterUnescaped parameter $clause used in $wpdb->get_row()\n$clause used without escaping.59

Category: Security
Occurrences: 59
Severity: warning

Sample message

Unescaped parameter $clause used in $wpdb->get_row()\n$clause used without escaping.

PluginCheck.Security.DirectDB.UnescapedDBParameter

ERRORMaintainabilitymissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;32

Category: Maintainability
Occurrences: 32
Severity: error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protection Reference

ERRORMaintainabilitybadly named filesFile and folder names must not contain spaces or special characters.27

Category: Maintainability
Occurrences: 27
Severity: error

Sample message

File and folder names must not contain spaces or special characters.

badly_named_files

WARNINGMaintainabilityNon Prefixed Hookname FoundHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "https_local_ssl_verify".14

Category: Maintainability
Occurrences: 14
Severity: warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "https_local_ssl_verify".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound

ERRORMaintainabilitywp function not compatible with requires wpFunction "wp_get_sidebar()" requires WordPress 5.9.0, but your plugin minimum supported version is WordPress 5.5.0.11

Category: Maintainability
Occurrences: 11
Severity: error

Sample message

Function "wp_get_sidebar()" requires WordPress 5.9.0, but your plugin minimum supported version is WordPress 5.5.0.

wp_function_not_compatible_with_requires_wp Reference

WARNINGMaintainabilityNon Prefixed Function FoundFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "_wpforms_get_hierarchical_object_flatten".3

Category: Maintainability
Occurrences: 3
Severity: warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "_wpforms_get_hierarchical_object_flatten".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound

WARNINGMaintainabilitytrademarked termThe plugin name includes a restricted term. Your chosen plugin name - "WPForms - Easy Form Builder for WordPress - Contact Forms, Payment Forms, Surveys, & More" - contains the restricted term "wordpress" which cannot be used at all in your plugin name.3

Category: Maintainability
Occurrences: 3
Severity: warning

Sample message

The plugin name includes a restricted term. Your chosen plugin name - "WPForms - Easy Form Builder for WordPress - Contact Forms, Payment Forms, Surveys, & More" - contains the restricted term "wordpress" which cannot be used at all in your plugin name.

trademarked_term

ERRORMaintainabilitylibrary core filesLibrary files that are already in the WordPress core are not permitted.2

Category: Maintainability
Occurrences: 2
Severity: error

Sample message

Library files that are already in the WordPress core are not permitted.

library_core_files

Show 7 more

ERRORMaintainabilityFound1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

The use of function wp_get_sidebars_widgets() is forbidden

Generic.PHP.ForbiddenFunctions.Found

ERRORMaintainabilityNot Allowed1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead

PluginCheck.CodeAnalysis.Heredoc.NotAllowed

ERRORMaintainabilityPlugin Directory Write1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

Plugin folders are deleted when upgraded. Do not save data to the plugin folder using unzip_file(). Detected usage of constant WP_CONTENT_DIR. Use wp_upload_dir() to get the uploads directory path or save to the database instead.

PluginCheck.CodeAnalysis.WriteFile.PluginDirectoryWrite

WARNINGMaintainabilitymismatched plugin name1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

Plugin name "WPForms - Easy Form Builder for WordPress - Contact Forms, Payment Forms, Surveys, & More" is different from the name declared in plugin header "WPForms Lite".

mismatched_plugin_name Reference

WARNINGMaintainabilitymissing composer json file1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

The "/vendor" directory using composer exists, but "composer.json" file is missing.

missing_composer_json_file Reference

WARNINGRepo Compliancereadme parser warnings trimmed section changelog1

Category: Repo Compliance
Occurrences: 1
Severity: warning

Sample message

The "Changelog" section is too long and was truncated. A maximum of 5000 characters is supported.

readme_parser_warnings_trimmed_section_changelog

WARNINGRepo Compliancereadme parser warnings trimmed short description1

Category: Repo Compliance
Occurrences: 1
Severity: warning

Sample message

The "Short Description" section is too long and was truncated. A maximum of 150 characters is supported.

readme_parser_warnings_trimmed_short_description

Score History

First score snapshot

2 days ago

v1.10.2

Latest

Findings: 436
Errors: 165
Warnings: 271
Check: 2.0.0

Scan	Score	Findings	Errors	Warnings	Plugin	Check
2 days agoLatest	31	436	165	271	v1.10.2	2.0.0

Related Plugins

Add Password Field for Contact Form 7

3k+ active installs

100

WS Form LITE – Drag & Drop Contact Form Builder

10k+ active installs

100

ACF Field For CF7

10k+ active installs

Disable Flamingo Addressbook

4k+ active installs

Online Forms — Customizable Payment, Contact, Quiz, Survey Form Builder – Jotform

20k+ active installs

Contact Form Clean and Simple

7k+ active installs