Contact WordPress Plugins That Need Review
32 indexed plugins
Plugins
32
Active Installs
968k+
Average Score
57
Audited
32
Needs Review
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1 | WP Email Template | 19 | 342 | 350 | 2k+ | Exception output is not escaped | ||
| #2 | Contact Form Email | 25 | 409 | 898 | 9k+ | Non-prefixed global variable | ||
| #3 | cformsII | 31 | 777 | 536 | 4k+ | Unsafe printing function | ||
| #4 | EchBay Phonering Alo | 33 | 74 | 47 | 1k+ | Output is not escaped | ||
| #5 | WPZOOM Forms – Drag & Drop Contact Form Builder for WordPress | 35 | 74 | 109 | 10k+ | Nonce verification recommended | ||
| #6 | Anything Popup | 37 | 164 | 185 | 2k+ | Non-prefixed global variable | ||
| #7 | Database for Contact Form 7 | 38 | 34 | 128 | 7k+ | Missing nonce verification | ||
| #8 | Contact Form 7 – Post Fields | 38 | 167 | 25 | 3k+ | Text Domain Mismatch | ||
| #9 | Simple Webchat | 39 | 142 | 204 | 1k+ | Output is not escaped | ||
| #10 | Flamingo | 40 | 15 | 228 | 800k+ | Nonce verification recommended | ||
| #11 | Contact Info Widget | 40 | 184 | 3 | 1k+ | Output is not escaped | ||
| #12 | Contact Form 7 Widget | 41 | 70 | 4 | 2k+ | Output is not escaped | ||
| #13 | Contact Form 7 add confirm | 42 | 31 | 51 | 50k+ | Text Domain Mismatch | ||
| #14 | Flamix: Bitrix24 and Contact Form 7 integrations | 42 | 79 | 4 | 1k+ | Output is not escaped | ||
| #15 | Speed Contact Bar | 42 | 53 | 20 | 5k+ | Output is not escaped | ||
| #16 | Contact Details | 45 | 43 | 29 | 1k+ | Non Singular String Literal Text | ||
| #17 | Inazo's flamingo automatically delete old messages | 45 | 33 | 20 | 4k+ | Output is not escaped | ||
| #18 | Confirm Plus Contact Form 7 | 49 | 19 | 36 | 7k+ | Non Singular String Literal Domain | ||
| #19 | VS Contact Form | 55 | 3 | 318 | 7k+ | Non-prefixed global variable | ||
| #20 | Sticky Side Buttons | 64 | 27 | 4 | 10k+ | Unsafe printing function | ||
| #21 | Awesome Contact Form7 for Elementor | 67 | 20 | 30 | 7k+ | Non-prefixed global variable | ||
| #22 | Multifile Upload Field for Contact Form 7 | 73 | 41 | 7 | 5k+ | Text Domain Mismatch | ||
| #23 | Store file uploads for Contact Form 7 | 76 | 5 | 6 | 1k+ | Output is not escaped | ||
| #24 | Contact Form 7 Translate Messages Extension | 77 | 10 | 5 | 1k+ | Output is not escaped | ||
| #25 | Rich Contact Widget | 80 | 13 | 2 | 9k+ | Output is not escaped | ||
| #26 | Storefront Homepage Contact Section | 82 | 26 | 2 | 1k+ | Output is not escaped | ||
| #27 | Generate PDF using Contact Form 7 | 93 | 3 | 4k+ | Input is not sanitized | |||
| #28 | WP Click to Chat – Email, Live Chat, Call & Book Now Buttons | 94 | 43 | 47 | 1k+ | wp function not compatible with requires wp | ||
| #29 | Contact Form 7 IE DatePicker and Number Spinner Fix | 97 | 5 | 5 | 1k+ | trademarked term | ||
| #30 | Contact Form Clean and Simple | 98 | 2 | 3 | 7k+ | Non-prefixed class | ||
| #31 | Very Simple Google Maps | 99 | 2 | 0 | 3k+ | Missing direct file access protection | ||
| #32 | Contact Form Query | 100 | 0 | 1k+ | No open findings |
