WordPress OSINT, maintenance or security needs? Reach out!
TLDWP

Plugin: clean-and-simple-contact-form-by-meg-nicholas (Used by 50 domains)

Contact Form Clean and Simple

👤 fullworks 📦 v4.12.2 🔗 Plugin Homepage

A clean and simple AJAX contact form with Google reCAPTCHA, flexible CSS framework support, spam filtering, and REST API support for headless WordPress implementations.

  • Clean: all user inputs are stripped in order to avoid cross-site scripting (XSS) vulnerabilities.

  • Simple: AJAX enabled validation and submission for immediate response and guidance for your users (can be switched off).

  • Flexible Styling: Choose your CSS framework – Bootstrap (default), Theme Native (inherits your theme’s styles), or Minimal (semantic classes for complete custom styling).

  • REST API Support: Enable headless WordPress implementations to submit forms via authenticated REST API endpoints.

  • Accessible: Built with accessibility in mind – proper ARIA attributes, keyboard navigation, screen reader support, and WCAG AA compliant color contrast.

This is a straightforward contact form for your WordPress site. There is very minimal set-up
required. Simply install, activate, and then place the short code [cscf-contact-form] on your web page.

A standard set of input boxes are provided, these include Email Address, Name, Message and a nice big ‘Send Message’ button.

When your user has completed the form an email will be sent to you containing your user’s message.
To reply simply click the ‘reply’ button on your email client.
The email address used is the one you have set up in WordPress under ‘Settings’ -> ‘General’, so do check this is correct.

To help prevent spam all data is scanned can be scanned with Fullworks Anti Spam Pro.
For this to work you must have the Fullworks Anti Spam Pro Plugin installed and activated.

Fullworks Anti Spam Pro will also log all your messages, categorized as spam or not, automatically.

For added piece of mind this plugin also allows you to add a ‘reCAPTCHA’.
This adds a picture of a couple of words to the bottom of the contact form.
Your user must correctly type the words before the form can be submitted, and in so doing, prove that they are human.

Why Choose This Plugin?

Granted there are many plugins of this type in existence already. Why use this one in-particular?

Here’s why:

  • Minimal setup. Simply activate the plugin and place the shortcode [cscf-contact-form] on any post or page.

  • Safe. All input entered by your user is stripped back to minimise as far as possible the likelihood of any
    malicious user attempting to inject a script into your website.
    If the Fullworks Anti Spam Pro plugin is activated all form data will be scanned for spam.
    You can turn on reCAPTCHA to avoid your form being abused by bots, however Fullworks Anti Spam Pro will do this without reCAPTCHA.

  • Ajax enabled. You have the option to turn on AJAX (client-side) validation and submission which gives your users an immediate response when completing the form without having to wait for the page to refresh.

  • The form can integrate seamlessly into your website. Turn off the plugin’s default css style sheet so that your theme’s style sheet can be used instead.

  • Flexible CSS styling: Choose from Bootstrap, Modern (with dark mode), Theme Native, or Minimal styling modes to match your site’s design.

  • This plugin will only link in its jQuery file where it’s needed, it will not impose itself on every page of your whole site!

  • Works with the latest version of WordPress.

  • Original plugin written by an experienced PHP programmer, Megan Nicholas, the code is rock solid, safe, and rigorously tested as standard practice.

  • Headless WordPress ready. REST API support allows you to submit forms from decoupled frontends, mobile apps, or any external application with proper authentication.

Hopefully this plugin will fulfil all your needs.

PHP 8 Ready

Tested on PHP 8.4

How to Use

Unless you want to change messages or add reCAPTCHA to your contact form then this plugin will work out of the box without any additional setup.

Important: Check that you have an email address set-up in your WordPress ‘Settings’->’General’ page. This is the address that the plugin will use to send the contents of the contact form.

To add the contact form to your WordPress website simply place the shortcode [cscf-contact-form] on the post or page that you wish the form to appear on.

If you have Jetpack plugin installed disable the contact form otherwise the wrong form might display.

Additional Settings

This plugin will work out of the box without any additional setup. You have the option to change the default messages that are displayed to your user and to add reCAPTCHA capabilities.

Go to the settings screen for the contact form plugin.

You will find a link to the setting screen against the entry of this plugin on the ‘Installed Plugins’ page.

Here is a list of things that you can change

  • Message: The message displayed to the user at the top of the contact form.

  • Message Sent Heading: The message heading or title displayed to the user after the message has been sent.

  • Message Sent Content: The message content or body displayed to the user after the message has been sent.

  • CSS Framework: Choose how the form is styled:

    • Bootstrap (Default): Uses Bootstrap CSS classes for full Bootstrap compatibility. Best for themes already using Bootstrap.
    • Modern (Card style): A beautiful, opinionated modern design with card-style layout, large inputs, and CSS variables for easy customization. Includes automatic dark mode support.
    • Theme Native: Uses minimal classes with WordPress’s wp-element-button for the submit button. The form inherits your theme’s native form styles.
    • Minimal: Uses semantic CSS classes only (cscf-field, cscf-input, etc.) for complete custom styling control.
  • Use this plugin’s default stylesheet: The plugin comes with a default style sheet to make the form look nice for your user. Untick this if you want to use your theme’s stylesheet instead. The default stylesheet will simply not be linked in. This option is most relevant when using the Bootstrap CSS framework.

  • Use client side validation (Ajax): When ticked the contact form will be validated and submitted on the client giving your user instant feedback if they have filled the form in incorrectly. If you wish the form to be validated and submitted only to the server then untick this option.

  • Use reCAPTCHA: Tick this option if you wish your form to have a reCAPTCHA box. ReCAPTCHA helps to avoid spam bots using your form by checking that the form filler is actually a real person. To use reCAPTCHA you will need to get a some special keys from google https://www.google.com/recaptcha/admin/create. Once you have your keys enter them into the Public key and Private key boxes

  • reCAPTCHA Public Key: Enter the public key that you obtained from here.

  • reCAPTCHA Private Key: Enter the private key that you obtained from here.

  • reCAPTCHA Theme: Here you can change the reCAPTCHA box theme so that it fits with the style of your website.

  • Recipient Emails: The email address where you would like all messages to be sent.
    This will default to the email address you have specified under ‘E-Mail Address’ in your WordPress General Settings.
    If you want your mail sent to a different address then enter it here.
    You may enter multiple email addresses by clicking the ‘+’ button.

  • Confirm Email Address: Email confirmation is now optional. To force your user to re-type their email address tick ‘Confirm Email Address’.
    It is recommended that you leave this option on. If you turn this option off your user will only have to enter their email address once,
    but if they enter it incorrectly you will have no way of getting back to them!

  • Email Subject: This is the email subject that will appear on all messages. If you would like to set it to something different then enter it here.

  • Override ‘From’ Address: If you tick this and then fill in the ‘From Address:’ box then all email will be sent from the given address NOT from the email address given by the form filler.

  • **Option to allow enquiry to email themselves a copy of the message.

  • Contact consent: This option allows you to be GDPR compliant by adding a ‘Consent to contact’ check box at the bottom of the form.

  • Enable REST API: Turn on REST API support to allow headless WordPress implementations to submit forms.

  • Required User Capability: Set the minimum WordPress user capability required to use the REST API (default: edit_posts).

REST API for Headless WordPress

This plugin includes REST API support, making it perfect for headless WordPress implementations, mobile applications, and decoupled frontend frameworks like React, Vue.js, or Angular.

Enabling REST API

  1. Go to the plugin settings page
  2. Find the “REST API Settings” section
  3. Check “Enable REST API”
  4. Set the required user capability (default: edit_posts)
  5. Save your settings

API Endpoint

POST /wp-json/cscf/v1/submit

Authentication

The REST API requires WordPress user authentication. Users must be logged in and have the capability specified in settings (default: edit_posts).

For headless implementations, you can use:
– Application Passwords (WordPress 5.6+)
– JWT Authentication plugins
– OAuth plugins
– Basic Authentication (development only)

Request Format

Send a POST request with JSON body:

`json

{
“name”: “John Doe”,
“email”: “[email protected]”,
“confirm_email”: “[email protected]”,
“message”: “Your message here”,
“phone_number”: “+1234567890”,
“contact_consent”: true,
“email_sender”: false,
“post_id”: 123
}
`

Required fields:
name: Sender’s name
email: Sender’s email address
message: The message content

Optional fields:
confirm_email: Required if email confirmation is enabled in settings
phone_number: Required if phone number is set as mandatory in settings
contact_consent: Required if contact consent is enabled in settings
email_sender: Set to true to send a copy to the sender
post_id: The ID of the page/post where the form would normally be displayed

Response Format

Success Response (200):
json
{
"success": true,
"message": "Message Sent"
}

Validation Error Response (400):
json
{
"code": "validation_failed",
"message": "Validation failed.",
"data": {
"status": 400,
"errors": {
"email": "Please enter a valid email address.",
"message": "Please enter a message."
}
}
}

Authentication Error Response (401):
json
{
"code": "rest_forbidden",
"message": "Authentication required.",
"data": {
"status": 401
}
}

Example Implementation

JavaScript (fetch API):
`javascript
const formData = {
name: “John Doe”,
email: “[email protected]”,
confirm_email: “[email protected]”,
message: “This is a test message from the REST API”
};

fetch(‘https://yoursite.com/wp-json/cscf/v1/submit’, {
method: ‘POST’,
headers: {
‘Content-Type’: ‘application/json’,
‘Authorization’: ‘Bearer YOUR_AUTH_TOKEN’
},
body: JSON.stringify(formData)
})
.then(response => response.json())
.then(data => {
if (data.success) {
console.log(‘Message sent successfully!’);
} else {
console.error(‘Validation errors:’, data.data.errors);
}
});
`

Important Notes

  • REST API is disabled by default for security
  • reCAPTCHA is bypassed for REST API submissions (authentication provides security)
  • All other form validations and spam filtering still apply
  • Form submissions via REST API are processed identically to regular submissions
  • Email notifications work the same way as standard form submissions

Demo

Demo site coming soon.

DomainExposuresHeadersLast Checked
w*n*-*a*d*r*r.com F 2026-07-08 23:15:50
a*e*o*a*a*o*.com 👤 F 2026-07-08 21:23:36
j*m*e*i*.tv (WP 7.0) D 2026-07-08 13:41:50
c*p*o*f.nl D 2026-07-08 07:32:41
m*i*b*n*f*l*t.com (WP 4.3.34) ⚠️ 👤 F 2026-07-07 22:34:20
p*e*a*n*a*r*l.pl (WP 5.2.21) ⚠️ 👤 F 2026-07-07 12:42:05
g*z*o*r*d*c*i*n*.com (WP 5.2.21) ⚠️ 👤 F 2026-07-06 23:08:48
b*n*s*b*r*.com (WP 5.7.15) ⚠️ F 2026-07-06 20:31:05
w*s*m*d*a*r*p*e.com F 2026-07-06 16:35:39
e*o*s*u*p*u*e.com (WP 5.0.25) ⚠️ 👤 F 2026-07-05 07:51:27
m*r*e*o*e*c*l*o.c*m.ar (WP 7.0) F 2026-07-04 20:34:00
l*i*h*u*t*r*o*.com F 2026-07-04 03:08:02
a*n*e*d*e*t*r*s.c*.uk 👤 F 2026-07-03 10:43:52
a*n*s*e*d*l.com (WP 3.8) ⚠️ F 2026-07-03 09:59:39
a*n*j*n*e.de (WP 3.8) ⚠️ 👤 F 2026-07-03 09:54:43
d*m*c*n*.com (WP 7.0) 👤 F 2026-07-02 21:39:52
c*r*u*-*r*n*n*e*.nl (WP 6.9.4) C 2026-06-30 14:04:37
s*r*t*g*c*n*r*a*i*e.net F 2026-06-12 15:18:11
b*b*a*h*k*r*n*.com (WP 4.7.29) ⚠️ F 2026-06-04 01:14:53
m*r*u*y*r*e*d*n*i*t*y.com (WP 7.0) F 2026-06-03 20:15:35
c*l*v*r*s.be F 2026-05-30 20:02:57
p*e*o*a*a.com (WP 5.3.21) ⚠️ F 2026-05-30 13:03:36
p*n*a*a*a*-*a*e*a*n*i*g.com (WP 6.2.9) ⚠️ F 2026-05-29 18:21:47
a*o*n*o*o*.com (WP 7.0) F 2026-05-29 16:53:18
j*y*o*d*r*i*c.com (WP 5.2.21) ⚠️ 🔓 F 2026-05-29 05:29:13
j*s*e*i*h*l*e*.com (WP 6.7.4) F 2026-05-28 18:25:22
v*k*i*l*o.com (WP 6.9.4) F 2026-05-28 10:16:18
s*e*l*n*s*o*k*u*i*o*s.c*.uk (WP 6.8.5) F 2026-05-28 04:07:39
p*o*n*x*a*c*e*y.com F 2026-05-27 23:25:57
h*s*i*e*d*n*a*.com (WP 7.0) F 2026-05-27 13:02:39
p*t*o*l*w.com (WP 6.9.4) F 2026-05-26 18:59:43
i*a*a*t*a*k*.com (WP 5.2.24) ⚠️ F 2026-05-25 21:38:28
e*a*o*i*a.com (WP 6.9.4) F 2026-05-24 15:39:37
m*n*a*p*l*t*.com (WP 5.5.18) ⚠️ F 2026-05-23 23:00:37
a*p*i*n*e*u*s*f*.com (WP 6.9.4) D 2026-05-23 15:26:05
k*p*w*r*-*a*r*t*d*o.com F 2026-05-23 13:35:50
c*r*i*u*-*e*.de (WP 6.7.5) F 2026-05-21 11:52:08
e*p*r*d*o*o*d*z.com (WP 6.9.4) F 2026-05-20 20:51:33
t*o*h*e*-*o*m*n*c*t*o*.com F 2026-05-20 11:47:57
d*p*r*m*n*o*p*r*u*s*o*.com (WP 6.9.4) F 2026-05-19 02:49:04
m*t*s*h*o*s.com F 2026-05-18 17:26:08
s*e*e*.com (WP 6.9.4) 🔓 F 2026-05-18 14:02:31
a*o*c*r*m*n*e*.com (WP 6.9.4) F 2026-05-18 01:25:33
s*i*h*l*d*s*.com (WP 6.2.9) ⚠️ F 2026-05-15 11:24:51
t*o*o*e*f*l*s.com (WP 6.7) F 2026-05-14 15:17:10
h*n*w*l*d*s*g*.com F 2026-05-14 04:43:34
c*i*a*i*n*o*t.com F 2026-05-14 02:41:41
k*t*m*o*.com (WP 6.7.5) D 2026-05-13 18:32:29
j*h*b*d*e*a*.com (WP 6.9.4) 🔓 F 2026-05-13 17:21:37

Top 50 Plugins

Plugin Count
elementor 1,807,721
contact-form-7 1,796,893
elementor-pro 1,067,523
woocommerce 827,363
revslider 625,316
jetpack 470,104
js_composer 433,830
wp-rocket 343,451
essential-addons-for-elementor-lite 272,415
complianz-gdpr 267,763
gravityforms 260,816
cookie-law-info 236,759
instagram-feed 231,343
google-site-kit 230,140
sitepress-multilingual-cms 217,225
header-footer-elementor 213,263
google-analytics-for-wordpress 212,901
bluehost-wordpress-plugin 192,956
elementskit-lite 186,278
gutenberg 167,819
cookie-notice 156,013
gutenberg-core 151,581
litespeed-cache 139,382
wpforms-lite 130,450
gtranslate 128,777
the-events-calendar 126,677
astra-sites 119,854
popup-maker 114,236
woocommerce-payments 113,617
tablepress 103,751
honeypot 100,002
coblocks 97,700
astra-addon 96,521
wp-smushit 93,720
all-in-one-seo-pack 93,139
layerslider 92,597
duracelltomi-google-tag-manager 92,569
bb-plugin 88,132
premium-addons-for-elementor 87,189
akismet 86,816
cleantalk-spam-protect 85,007
mailchimp-for-wp 84,468
ml-slider 83,024
megamenu 82,541
woocommerce-gateway-stripe 81,927
fusion-builder 79,366
smart-slider-3 78,170
ewww-image-optimizer 77,671
formidable 77,572
wp-pagenavi 77,527

Top 50 Themes

Theme Count
hello-elementor 630,037
Divi 514,888
astra 428,601
flatsome 133,845
Avada 124,766
generatepress 119,112
pub 104,973
oceanwp 84,130
kadence 81,045
enfold 72,402
salient 67,217
twentyseventeen 56,002
twentytwentyfour 53,828
betheme 53,427
bb-theme 53,306
h4 52,228
blocksy 51,781
cocoon-master 50,982
dt-the7 46,796
twentytwentyfive 45,031
neve 39,640
Avada-Child-Theme 37,799
woodmart 37,063
gox 36,472
bridge 33,048
twentytwentyone 31,608
lightning 30,185
twentytwenty 29,674
swell 28,376
Impreza 26,704
bricks 26,566
Newspaper 24,662
twentytwentythree 23,387
twentytwentytwo 19,759
epik-redesign 19,737
uncode 19,261
twentysixteen 17,997
pro 17,774
sydney 17,077
storefront 16,873
Total 14,933
extendable 14,685
hello-theme-child-master 14,120
factory-templates-4 13,748
yith-wonder 13,353
themify-ultra 13,294
yootheme 13,052
hestia 12,990
porto 12,196
twentynineteen 11,998