WP-Safety

Accept 2Checkout Payments Using Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/accept-2checkout-payments-using-contact-form-7

The 2Checkout Payment system provides a secure, simple means of authorizing credit and debit card transactions from your website.

10 active installs v1.7 PHP 5.6+ WP 3.0.1+ Updated Dec 16, 2025
2checkoutcontact-form-7e-commercepayment-gatewaywordpress
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Accept 2Checkout Payments Using Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 100/100

Accept 2Checkout Payments Using Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The plugin "accept-2checkout-payments-using-contact-form-7" v1.7 exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and having no recorded vulnerabilities, it also presents notable concerns. The presence of the `unserialize` function is a significant risk, as it can lead to remote code execution if processing untrusted data. Furthermore, the plugin exposes two AJAX handlers without any authentication checks, creating a substantial attack surface for unauthorized actions or information disclosure. The taint analysis indicates that all analyzed flows involve unsanitized paths, although no critical or high-severity issues were identified in this specific analysis. The lack of recorded vulnerabilities is a positive sign, suggesting a history of security awareness or limited exposure, but the identified code signals, particularly the unprotected AJAX endpoints and the use of `unserialize`, warrant careful attention and mitigation.

Key Concerns

  • AJAX handlers without authentication
  • Use of dangerous function: unserialize
  • Flows with unsanitized paths (3 total)
  • Missing nonce checks on AJAX
  • Low percentage of properly escaped output (67%)
Vulnerabilities
None known

Accept 2Checkout Payments Using Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Accept 2Checkout Payments Using Contact Form 7 Code Analysis

Dangerous Functions
3
Raw SQL Queries
0
0 prepared
Unescaped Output
47
96 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
1

Dangerous Functions Found

unserialize$attachment = ( !empty( get_post_meta( $post->ID, '_attachment', true ) ) ? unserialize( get_post_meinc\admin\class.cf72ch.admin.action.php:412
unserialize$data = unserialize( get_post_meta( $post->ID, $key, true ) );inc\admin\class.cf72ch.admin.action.php:494
unserialize$data = unserialize( get_post_meta( $post_id, '_form_data', true ) );inc\admin\class.cf72ch.admin.action.php:573

Bundled Libraries

Select2

Output Escaping

67% escaped143 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
action__cf72ch_restrict_manage_posts (inc\admin\class.cf72ch.admin.action.php:272)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Accept 2Checkout Payments Using Contact Form 7 Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_cf72ch_review_doneinc\admin\class.cf72ch.admin.action.php:38
noprivwp_ajax_cf72ch_review_doneinc\admin\class.cf72ch.admin.action.php:39
WordPress Hooks 22
actioninitinc\admin\class.cf72ch.admin.action.php:24
actionadd_meta_boxesinc\admin\class.cf72ch.admin.action.php:25
actionwpcf7_save_contact_forminc\admin\class.cf72ch.admin.action.php:28
actionpre_get_postsinc\admin\class.cf72ch.admin.action.php:32
actionrestrict_manage_postsinc\admin\class.cf72ch.admin.action.php:33
actionparse_queryinc\admin\class.cf72ch.admin.action.php:34
actionplugins_loadedinc\admin\class.cf72ch.admin.action.php:582
filterwpcf7_editor_panelsinc\admin\class.cf72ch.admin.filter.php:24
filterpost_row_actionsinc\admin\class.cf72ch.admin.filter.php:25
actionplugins_loadedinc\admin\class.cf72ch.admin.filter.php:187
actionadmin_menuinc\admin\class.cf72ch.admin.php:26
actionplugins_loadedinc\admin\class.cf72ch.admin.php:68
actionplugins_loadedinc\class.cf72ch.php:42
actionadmin_noticesinc\class.cf72ch.php:54
actioninitinc\class.cf72ch.php:65
actionwpcf7_admin_initinc\class.cf72ch.php:126
actionwp_enqueue_scriptsinc\front\class.cf72ch.front.action.php:24
actionplugins_loadedinc\front\class.cf72ch.front.action.php:74
actionplugins_loadedinc\front\class.cf72ch.front.filter.php:49
filterquery_varsinc\front\class.cf72ch.front.php:31
filtertemplate_includeinc\front\class.cf72ch.front.php:32
actionplugins_loadedinc\front\class.cf72ch.front.php:103
Maintenance & Trust

Accept 2Checkout Payments Using Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 16, 2025
PHP min version5.6
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Accept 2Checkout Payments Using Contact Form 7 Alternatives

NeroPAY Payment Gateway

NeroPAY Payment Gateway

neropay-payment-gateway-wallet

A
92

NeroPAY Payment Gateway plugin for WordPress enables secure, fast, and reliable payment processing for your WooCommerce store.

10 No CVEs
Country & Phone Field Contact Form 7

Country & Phone Field Contact Form 7

country-phone-field-contact-form-7

A
100

Add country drop down with flags and phone number with country phone extension fields in contact form 7.

40K No CVEs
Braintree for WooCommerce Payment Gateway

Braintree for WooCommerce Payment Gateway

woocommerce-gateway-paypal-powered-by-braintree

A
100

Accept PayPal, Credit Cards, and Debit Cards on your WooCommerce store.

10K No CVEs
Spam Protect for Contact Form 7

Spam Protect for Contact Form 7

wp-contact-form-7-spam-blocker

A
100

Spam Protect for Contact-Form7 protects from spam and bots. Customize defense strategies and monitor blocked attempts. Protect your time effectively!

10K No CVEs
Nexi XPay

Nexi XPay

cartasi-x-pay

A
100

XPay is the payment gateway provided by Nexi, a leading group in Italy with the goal of shaping the future of digital payments.

6K No CVEs
Developer Profile

Accept 2Checkout Payments Using Contact Form 7 Developer Profile

ZealousWeb

18 plugins · 7K total installs

87
trust score
Avg Security Score
98/100
Avg Patch Time
88 days
View full developer profile
Detection Fingerprints

How We Detect Accept 2Checkout Payments Using Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/accept-2checkout-payments-using-contact-form-7/assets/css/admin.min.css/wp-content/plugins/accept-2checkout-payments-using-contact-form-7/assets/js/admin.min.js/wp-content/plugins/accept-2checkout-payments-using-contact-form-7/assets/js/bootstrap.min.js/wp-content/plugins/accept-2checkout-payments-using-contact-form-7/assets/js/cookie.min.js/wp-content/plugins/accept-2checkout-payments-using-contact-form-7/assets/css/select2.min.css/wp-content/plugins/accept-2checkout-payments-using-contact-form-7/assets/js/select2.min.js/wp-content/plugins/accept-2checkout-payments-using-contact-form-7/assets/js/order-retrive.js
Script Paths
/wp-content/plugins/accept-2checkout-payments-using-contact-form-7/assets/js/admin.min.js/wp-content/plugins/accept-2checkout-payments-using-contact-form-7/assets/js/bootstrap.min.js/wp-content/plugins/accept-2checkout-payments-using-contact-form-7/assets/js/cookie.min.js/wp-content/plugins/accept-2checkout-payments-using-contact-form-7/assets/js/select2.min.js/wp-content/plugins/accept-2checkout-payments-using-contact-form-7/assets/js/order-retrive.js
Version Parameters
accept-2checkout-payments-using-contact-form-7/assets/css/admin.min.css?ver=accept-2checkout-payments-using-contact-form-7/assets/js/admin.min.js?ver=accept-2checkout-payments-using-contact-form-7/assets/js/bootstrap.min.js?ver=accept-2checkout-payments-using-contact-form-7/assets/js/cookie.min.js?ver=accept-2checkout-payments-using-contact-form-7/assets/css/select2.min.css?ver=accept-2checkout-payments-using-contact-form-7/assets/js/select2.min.js?ver=accept-2checkout-payments-using-contact-form-7/assets/js/order-retrive.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- Do you need help for configuration? -->
JS Globals
window.cf72ch_review_donewindow.frontend_ajax_objectvar frontend_ajax_object
FAQ

Frequently Asked Questions about Accept 2Checkout Payments Using Contact Form 7