| #1 | Ninja Forms – The Contact Form Builder That Grows With You | 23 | 754 | 1,525 | 600k+ | | Nonce verification recommended |
| #2 | Kali Forms — Contact Form & Drag-and-Drop Builder | 38 | 3 | 252 | 10k+ | | Dynamic hook name |
| #3 | JetFormBuilder — Dynamic Blocks Form Builder | 17 | 2,094 | 1,588 | 90k+ | | Text Domain Mismatch |
| #4 | WPBot – ChatBot Conversational Forms | 24 | 1,254 | 1,226 | 2k+ | | Text Domain Mismatch |
| #5 | HubSpot All-In-One Marketing – Forms, Popups, Live Chat | 97 | 6 | 4 | 200k+ | | Missing direct file access protection |
| #6 | Block IPs for Gravity Forms | 50 | 8 | 36 | 1k+ | | Request data is not unslashed |
| #7 | Formstack Online Forms | 52 | 39 | 20 | 1k+ | | Output is not escaped |
| #8 | File Upload For WPForms – Filenzo | 59 | 8 | 16 | 1k+ | | Output is not escaped |
| #9 | Wrap form fields in Gravity Forms | 84 | 22 | 3 | 1k+ | | Text Domain Mismatch |
| #10 | Universal Honey Pot | 40 | 23 | 94 | 1k+ | | Missing nonce verification |
| #11 | Woorise – Landing Pages, Forms & Surveys | 71 | 8 | 14 | 1k+ | | Input is not sanitized |
| #12 | Retainful – WooCommerce Abandoned Cart, Newsletters, Email Marketing, Signup Forms and Automation | 79 | 15 | 26 | 2k+ | | Non-prefixed hook name |
| #13 | GravityWP – Count | 98 | 2 | 3 | 2k+ | | trademarked term |
| #14 | Subscribe Forms – Beautiful Email Forms, Embedded Newsletter Forms & MailChimp Form | 23 | 419 | 542 | 2k+ | | Non-prefixed global variable |
| #15 | Edit Entries for Gravity Forms | 91 | 5 | 3 | 2k+ | | Nonce verification recommended |
| #16 | Account Engagement | 32 | 115 | 74 | 2k+ | | Output is not escaped |
| #17 | WP-FormAssembly | 77 | 4 | 15 | 2k+ | | Nonce verification recommended |
| #18 | Cognito Forms | 75 | 13 | 4 | 2k+ | | wp function not compatible with requires wp |
| #19 | Gravity Forms – Placeholders add-on | 90 | 5 | 5 | 2k+ | | trademarked term |
| #20 | Fluent Forms Block | 92 | 4 | 18 | 2k+ | | Non-prefixed global variable |
| #21 | Gravity Slider Fields | 39 | 56 | 36 | 2k+ | | Text Domain Mismatch |
| #22 | G-Forms hCaptcha | 88 | 7 | 5 | 3k+ | | Missing direct file access protection |
| #23 | Payment Forms for Paystack | 90 | 494 | 23 | 3k+ | | Text Domain Mismatch |
| #24 | Gravity Forms Constant Contact | 46 | 36 | 27 | 3k+ | | Non-prefixed class |
| #25 | Mollie Forms | 41 | 14 | 565 | 3k+ | | Request data is not unslashed |
| #26 | Quill Forms | Conversational Multi Step Forms, Surveys & quizzes | 20 | 401 | 368 | 3k+ | | Text Domain Mismatch |
| #27 | Add-on Contact Form 7 – MailPoet 3 | 41 | 88 | 12 | 3k+ | | Output is not escaped |
| #28 | GravityWP – CSS Selector | 98 | 2 | 4 | 4k+ | | trademarked term |
| #29 | Gravity Forms CSS Ready Class Selector | 72 | 18 | 4 | 4k+ | | Non Singular String Literal Domain |
| #30 | Country State City Dropdown CF7 | 40 | 35 | 54 | 5k+ | | Direct Query |
| #31 | Smart Forms – when you need more than just a contact form | 21 | 776 | 574 | 5k+ | | Output is not escaped |
| #32 | Contact Form 7 Signature Addon | 45 | 147 | 44 | 6k+ | | Text Domain Mismatch |
| #33 | Integration for Elementor forms – Sendinblue | 65 | 94 | 56 | 7k+ | | Text Domain Mismatch |
| #34 | Lead Form Builder & Contact Form | 35 | 400 | 345 | 9k+ | | Output is not escaped |
| #35 | Multi Step Form | 34 | 277 | 136 | 9k+ | | Output is not escaped |
| #36 | WS Form LITE – Drag & Drop Contact Form Builder | 100 | | 0 | 10k+ | | No open findings |
| #37 | HT Contact Form – Drag & Drop Form Builder for WordPress | 25 | 158 | 593 | 10k+ | | Non-prefixed global variable |
| #38 | Zoho Forms – Drag & Drop Form Builder for Websites – Contact Forms, Payment Forms, Order Forms & More | 85 | 16 | 2 | 10k+ | | Non Enqueued Script |
| #39 | E2Pdf – Export Pdf Tool for WordPress | 22 | 1,075 | 836 | 10k+ | | Unsafe printing function |
| #40 | SendWP | 37 | 47 | 42 | 10k+ | | Output is not escaped |
| #41 | Multi Step for Contact Form 7 | 36 | 61 | 106 | 10k+ | | Missing nonce verification |
| #42 | weForms – Easy Drag & Drop Contact Form Builder For WordPress | 25 | 916 | 450 | 10k+ | | Output is not escaped |
| #43 | WPZOOM Forms – Drag & Drop Contact Form Builder for WordPress | 35 | 74 | 109 | 10k+ | | Nonce verification recommended |
| #44 | LeadConnector | 100 | | 0 | 20k+ | | No open findings |
| #45 | Visual Form Builder | 34 | 82 | 329 | 20k+ | | Direct Query |
| #46 | Online Forms — Customizable Payment, Contact, Quiz, Survey Form Builder – Jotform | 99 | 1 | 0 | 20k+ | | outdated tested upto header |
| #47 | RD Station | 74 | 2 | 67 | 20k+ | | Non-prefixed global variable |
| #48 | Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms | 22 | 1,037 | 722 | 20k+ | | Unsafe printing function |
| #49 | Database Addon For WPForms ( wpforms entries ) – WPFormsDB | 43 | 17 | 53 | 20k+ | | Nonce verification recommended |
| #50 | Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder | 37 | 83 | 113 | 20k+ | | SQL query is not prepared |
