Products
NXP Easy Forms (WP)
Drag-and-drop forms for WordPress with deep integrations.
Description
NXP Easy Forms is a powerful form builder with drag-and-drop editing, secure submissions, and deep integrations. It ships as a WordPress plugin and a Joomla 5 component, so teams can standardize form workflows across platforms.
It comes also with a shortcode and a special block.
Screenshots
Security features
You can choose from different anti-spam protections. By default the 'honeypot' captcha is enabled. But you can also choose to implement Turnstile, ReCaptcha or Friendly Captcha solutions.
Privacy tab
Here you can Anonymize the IP address captured, or choose not to store it at all. And you have an option to delete the old submissions as well.
Versions
Changelog
Security Hardening
- Added ABSPATH direct-access guards to all 69 PHP files in app/
- Replaced all `error_log()` calls with hook-based debug logger (`nxp_easy_forms_debug_log` action)
- Escaped all frontend-facing exception messages with `esc_html__()` or `sanitize_text_field()`
- Sanitized all `$_SERVER`, `$_GET`, and `$_COOKIE` superglobal reads with `sanitize_text_field(wp_unslash())`
- Added PHPCS ignore annotations with rationale for legitimate nonce-free `$_GET` reads (admin screen checks, signed-token flows)
Database
- Hardened all SQL queries with `%i` identifier placeholders for table names
Internationalization
- Added `/- translators: */` comments to all `sprintf()` calls containing translatable strings
- Fixed unordered placeholders to use positional format (`%1$d`, `%2$d`)
Filesystem
- Replaced `unlink()` calls with `wp_delete_file()` in Export_Controller
- Added PHPCS ignore annotations for legitimate filesystem operations (fopen, fwrite, fputcsv, fclose, filesize, readfile)
Plugin Bootstrap
- Removed manual `load_textdomain()` call (WordPress handles this automatically for directory-hosted plugins)
- Fixed `Tested up to` header to use major.minor format (6.9)
**Bug Fixes**
- Fixed "Send test email" button doing nothing when "Use global Recipient email" is enabled
- Fixed additional Plugin Check output-escaping issues for admin page header icon URLs (Forms list, Settings, and Form Builder pages)
- Fixed translators comment placement for placeholder-based error strings in form repository save/duplicate operations
Checksum
3edb1e696986a3ee73fbf092ddf18ec8829e486e29a0f46bdb205ced1a9e4ea2
Tools built in the trenches. We develop the extensions we needed for our own projects, now refined for yours.