CF7 to Airtable Security & Risk Analysis

wordpress.org/plugins/add-on-cf7-for-airtable

Connect Contact Form 7 to Airtable. Automatically sync form entries with Airtable, including custom fields, for seamless data management.

400 active installs · v2.5.0 · PHP 7.4+ · WP 6.0+ · Updated Feb 24, 2026
Tags: airtable, api, contactform7, forms, wpconnect
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is CF7 to Airtable Safe to Use in 2026?

Generally Safe

Score 100/100

CF7 to Airtable has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The 'add-on-cf7-for-airtable' plugin version 2.5.0 exhibits a generally good security posture due to its adherence to several secure coding practices. The absence of known CVEs and a clean vulnerability history are significant strengths, suggesting a stable and well-maintained codebase. Furthermore, the plugin demonstrates a commitment to secure database interactions by exclusively using prepared statements for SQL queries and shows a high degree of output escaping, minimizing the risk of cross-site scripting (XSS) vulnerabilities. The taint analysis also reveals no critical or high-severity unsanitized flows, indicating that user-supplied data is not being mishandled in a way that could lead to immediate code execution or data breaches.

However, there are notable areas of concern. The plugin exposes one AJAX handler that lacks any authentication checks, creating a direct entry point for unauthenticated users. This is a significant security weakness that could be exploited to trigger unintended actions or reveal information. While the overall attack surface is small, this single unprotected entry point warrants attention. The limited capability checks (zero) also suggest that authorization might not be granularly enforced, potentially allowing users with lower privileges to access functionalities they shouldn't. File operations and external HTTP requests, while not inherently problematic, are potential vectors for vulnerabilities if not handled with extreme care, especially when combined with the lack of robust authorization checks on the AJAX endpoint.

In conclusion, the plugin's strengths lie in its secure database practices and extensive output escaping, supported by a clean historical record of vulnerabilities. The primary weaknesses revolve around a single unprotected AJAX endpoint and a potential lack of authorization enforcement. Addressing the unprotected AJAX handler should be the immediate priority to improve the plugin's overall security, even though the current taint analysis and vulnerability history are positive.

Key Concerns

  • Unprotected AJAX handler
  • Zero capability checks
Vulnerabilities
None known

CF7 to Airtable Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

CF7 to Airtable Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 9 (129 escaped)
  • Nonce Checks: 3
  • Capability Checks: 0
  • File Operations: 4
  • External Requests: 4
  • Bundled Libraries: 0

Output Escaping

93% escaped · 138 total outputs
Data Flows: All sanitized

Data Flow Analysis

2 flows
fetch_airtable_tables_callback (includes\hooks.php:73)
Attack Surface
1 unprotected

CF7 to Airtable Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers 1

auth wp_ajax_fetch_airtable_tables (includes\hooks.php:83)
WordPress Hooks 43
action admin_notices (add-on-cf7-for-airtable.php:38)
action plugins_loaded (add-on-cf7-for-airtable.php:55)
action activate_plugin (add-on-cf7-for-airtable.php:106)
action init (add-on-cf7-for-airtable.php:123)
action admin_enqueue_scripts (add-on-cf7-for-airtable.php:160)
action admin_enqueue_scripts (add-on-cf7-for-airtable.php:176)
action init (includes\classes\class-wpcf7-airtable-language-packs.php:61)
filter translations_api (includes\classes\class-wpcf7-airtable-language-packs.php:64)
action set_site_transient_update_plugins (includes\classes\class-wpcf7-airtable-language-packs.php:142)
action delete_site_transient_update_plugins (includes\classes\class-wpcf7-airtable-language-packs.php:143)
action set_site_transient_update_themes (includes\classes\class-wpcf7-airtable-language-packs.php:144)
action delete_site_transient_update_themes (includes\classes\class-wpcf7-airtable-language-packs.php:145)
action admin_notices (includes\classes\class-wpcf7-airtable-service.php:61)
action add-on-cf7-for-airtable/after-airtable-save (includes\fields.php:390)
action admin_notices (includes\functions.php:98)
action admin_init (includes\functions.php:114)
filter wpcf7_form_tag (includes\functions.php:161)
action admin_notices (includes\helpers.php:401)
action admin_notices (includes\helpers.php:411)
action admin_notices (includes\helpers.php:439)
action add-on-cf7-for-airtable/plugin-activated (includes\hooks.php:18)
action wpcf7_init (includes\hooks.php:21)
filter wpcf7_pre_construct_contact_form_properties (includes\hooks.php:28)
filter wpcf7_editor_panels (includes\hooks.php:30)
action wpcf7_save_contact_form (includes\hooks.php:32)
filter add-on-cf7-for-airtable/wpcf7-field-mapper/fields (includes\hooks.php:38)
filter add-on-cf7-for-airtable/wpcf7-field-mapper/fields (includes\hooks.php:39)
filter add-on-cf7-for-airtable/wpcf7-field-mapper/fields (includes\hooks.php:40)
filter add-on-cf7-for-airtable/wpcf7-field-mapper/fields (includes\hooks.php:41)
filter add-on-cf7-for-airtable/wpcf7-field-mapper/fields (includes\hooks.php:42)
filter add-on-cf7-for-airtable/wpcf7-field-mapper/fields (includes\hooks.php:43)
filter add-on-cf7-for-airtable/wpcf7-field-mapper/fields (includes\hooks.php:44)
filter add-on-cf7-for-airtable/wpcf7-field-mapper/fields (includes\hooks.php:45)
filter add-on-cf7-for-airtable/wpcf7-field-mapper/fields (includes\hooks.php:46)
filter add-on-cf7-for-airtable/wpcf7-field-mapper/fields (includes\hooks.php:47)
filter add-on-cf7-for-airtable/wpcf7-field-mapper/fields (includes\hooks.php:48)
filter add-on-cf7-for-airtable/wpcf7-field-mapper/fields (includes\hooks.php:49)
filter add-on-cf7-for-airtable/wpcf7-field-mapper/fields (includes\hooks.php:50)
filter add-on-cf7-for-airtable/wpcf7-field-mapper/fields (includes\hooks.php:51)
filter add-on-cf7-for-airtable/wpcf7-field-mapper/fields (includes\hooks.php:52)
action wpcf7_before_send_mail (includes\hooks.php:59)
action add-on-cf7-for-airtable/delete-upload-files (includes\hooks.php:62)
action admin_init (includes\hooks.php:117)

Scheduled Events 1

add-on-cf7-for-airtable/delete-upload-files
Maintenance & Trust

CF7 to Airtable Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 24, 2026
PHP min version: 7.4
Downloads: 9K

Community Trust

Rating: 100/100
Number of ratings: 8
Active installs: 400
Developer Profile

CF7 to Airtable Developer Profile

WP connect

6 plugins · 4K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 12 days
Detection Fingerprints

How We Detect CF7 to Airtable

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/add-on-cf7-for-airtable/assets/style/style.css
/wp-content/plugins/add-on-cf7-for-airtable/assets/js/admin.min.js
Script Paths
/wp-content/plugins/add-on-cf7-for-airtable/assets/js/admin.min.js
Version Parameters
add-on-cf7-for-airtable/assets/style/style.css?ver=
add-on-cf7-for-airtable/assets/js/admin.min.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-wpcf7-airtable-field-map
JS Globals
WPCF7_Airtable_Admin