Plugin inspection:

FormGet Contact Form

No issues found

Last revised:

Confidence: Medium
This plugin has been given a short, targeted code review.

We didn't find anything worrying in this plugin. It's probably safe. Read more about this recommendation.

Findings

  • Note that this plugin appears to be a wrapper for formget.com rather than doing the work purely within WordPress
    • This may be a compliance issue for organisations with high data security requirements
    • It also means that there may be some functionality which cannot be legally tested by third-parties without permission
  • formget.com is loaded in an iframe over an unencrypted HTTP connection in wp-admin
  • formget.com assets are loaded over an unencrypted HTTP connection when displayed to the user, at least when using http:// URLs to access the site in question – this appears to switch to HTTPS when the site is accessed via https:// URLs

Failure criteria

  • Unsafe file or network IO

Read more about our failure criteria.