Form WordPress Plugins That Need Review
108 indexed plugins
Plugins
108
Active Installs
2m+
Average Score
54
Audited
108
Needs Review
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #51 | Conditional Fields for Contact Form 7 | 41 | 113 | 52 | 100k+ | Output is not escaped | ||
| #52 | Submission DOM tracking for Contact Form 7 | 41 | 144 | 8 | 400 | Text Domain Mismatch | ||
| #53 | Confetti | 42 | 136 | 17 | 3k+ | Unsafe printing function | ||
| #54 | Contact Form 7 add confirm | 42 | 31 | 51 | 50k+ | Text Domain Mismatch | ||
| #55 | Flamix: Bitrix24 and Contact Form 7 integrations | 42 | 79 | 4 | 1k+ | Output is not escaped | ||
| #56 | Mailster Cool Captcha | 42 | 65 | 28 | 400 | Text Domain Mismatch | ||
| #57 | Hash Form – Drag & Drop Form Builder | 43 | 9 | 273 | 3k+ | Non-prefixed global variable | ||
| #58 | reCAPTCHA for MW WP Form | 43 | 37 | 14 | 30k+ | Non Singular String Literal Domain | ||
| #59 | Contact Form 7 Signature Addon | 45 | 147 | 44 | 6k+ | Text Domain Mismatch | ||
| #60 | wpDataTables integration for Forminator Forms | 45 | 62 | 38 | 1k+ | Text Domain Mismatch | ||
| #61 | Easy Subscribe | 46 | 132 | 700 | Direct Query | |||
| #62 | TotalSurvey for Survey, Quiz and Form | 46 | 290 | 33 | 600 | Missing direct file access protection | ||
| #63 | WP Login Form | 48 | 14 | 20 | 7k+ | Request data is not unslashed | ||
| #64 | WP Eventbrite Embedded Checkout | 52 | 49 | 7 | 700 | Text Domain Mismatch | ||
| #65 | VS Contact Form | 55 | 3 | 318 | 7k+ | Non-prefixed global variable | ||
| #66 | Form data to kintone | 56 | 25 | 22 | 1k+ | Output is not escaped | ||
| #67 | Gravity PDF | 57 | 116 | 152 | 20k+ | Non-prefixed global variable | ||
| #68 | MC4WP: Mailchimp for WordPress | 57 | 238 | 1m+ | Non-prefixed global variable | |||
| #69 | Gutenverse Form – Contact Form Builder, Block Form & Booking Form | 58 | 17 | 48 | 10k+ | Nonce verification recommended | ||
| #70 | GravityWP – Merge Tags | 59 | 16 | 172 | 2k+ | Non-prefixed global variable | ||
| #71 | Advanced Comment Form | 64 | 68 | 6 | 4k+ | Output is not escaped | ||
| #72 | Mailchimp Widget by ProteusThemes | 66 | 17 | 9 | 1k+ | Output is not escaped | ||
| #73 | Multilingual Forms for Fluent Forms with WPML | 67 | 52 | 16 | 1k+ | Text Domain Mismatch | ||
| #74 | Contact Form 7 Confirm Email Field | 71 | 35 | 11 | 2k+ | Text Domain Mismatch | ||
| #75 | Gravity Forms CSS Ready Class Selector | 72 | 18 | 4 | 4k+ | Non Singular String Literal Domain | ||
| #76 | Contact Form to Brevo | 73 | 67 | 11 | 1k+ | Text Domain Mismatch | ||
| #77 | Multifile Upload Field for Contact Form 7 | 73 | 41 | 7 | 5k+ | Text Domain Mismatch | ||
| #78 | Cognito Forms | 75 | 13 | 4 | 2k+ | wp function not compatible with requires wp | ||
| #79 | Advanced Custom Fields: Ninjaforms Add-on | 76 | 43 | 8 | 1k+ | Text Domain Mismatch | ||
| #80 | Store file uploads for Contact Form 7 | 76 | 5 | 6 | 1k+ | Output is not escaped | ||
| #81 | Honeypot Plus for Contact Form 7 | 77 | 3 | 17 | 700 | Missing nonce verification | ||
| #82 | Advanced Custom Fields: Gravity Forms Add-on | 78 | 33 | 13 | 30k+ | Text Domain Mismatch | ||
| #83 | More Mails for CF7 | 78 | 13 | 6 | 500 | Text Domain Mismatch | ||
| #84 | SurveyX Builder – Easy Feedback, Poll, Quiz & Survey | 81 | 22 | 2k+ | Interpolated SQL is not prepared | |||
| #85 | Confirm Plus Contact Form 7 | 82 | 10 | 15 | 7k+ | Non Singular String Literal Domain | ||
| #86 | Multiple Form Instances Add-on for Gravity Forms | 82 | 5 | 5 | 800 | Missing direct file access protection | ||
| #87 | Storefront Homepage Contact Section | 82 | 26 | 2 | 1k+ | Output is not escaped | ||
| #88 | Mailster reCaptcha | 84 | 4 | 15 | 1k+ | Missing nonce verification | ||
| #89 | SearchWP Modal Search Form | 91 | 9 | 9 | 5k+ | trademarked term | ||
| #90 | Doppler Easy Multichannel Marketing enhanced with IA | 96 | 11 | 6 | 600 | wp function not compatible with requires wp | ||
| #91 | Integrate Ecomail and Elementor Forms | 96 | 28 | 4 | 600 | Text Domain Mismatch | ||
| #92 | Kit (formerly ConvertKit) for WPForms | 96 | 11 | 16 | 1k+ | Non-prefixed global variable | ||
| #93 | Contact Form 7 IE DatePicker and Number Spinner Fix | 97 | 5 | 5 | 1k+ | trademarked term | ||
| #94 | Wufoo Shortcode | 97 | 3 | 3 | 10k+ | Missing direct file access protection | ||
| #95 | Contact Form Clean and Simple | 98 | 2 | 3 | 7k+ | Non-prefixed class | ||
| #96 | Comments Shortcode | 98 | 3 | 1 | 900 | Missing direct file access protection | ||
| #97 | Customize Submit Button for Gravity Forms | 98 | 8 | 0 | 700 | Text Domain Mismatch | ||
| #98 | Fluent Forms Connector for MailPoet | 98 | 28 | 7 | 1k+ | Text Domain Mismatch | ||
| #99 | GravityWP – Count | 98 | 2 | 3 | 2k+ | trademarked term | ||
| #100 | GravityWP – CSS Selector | 98 | 2 | 4 | 4k+ | trademarked term |