The BuddyForms plugin for WordPress is not safe to use in versions up to and including 2.7.2. People with “”contributor-level permissions and above”” can put harmful web scripts in pages which will run when someone views the page. This could be used to harm the website or the person viewing the page.