Does Addon Stripe with contact form 7 have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Addon Stripe with contact form 7 compatible with WordPress 6.9.4?

According to WordPress.org data, Addon Stripe with contact form 7 1.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Addon Stripe with contact form 7 updated?

Addon Stripe with contact form 7 was last updated on Jan 31, 2026. Frequent updates are generally a positive security signal.

What is Addon Stripe with contact form 7's security score?

Addon Stripe with contact form 7 has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Addon Stripe with contact form 7 Security & Risk Analysis

wordpress.org/plugins/addon-stripe-with-contact-form-7

Stripe with contact form 7 this plugin allow stripe payment gatway integrate with contcatform 7

10 active installs v1.0 PHP + WP 5.5+ Updated Jan 31, 2026

contact-form-7-stripestripestripe-with-contact-form-7

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Addon Stripe with contact form 7 Safe to Use in 2026?

Generally Safe

Score 100/100

Addon Stripe with contact form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The plugin exhibits a mixed security posture. While the attack surface is relatively small with no apparent vulnerabilities in its AJAX handlers or REST API routes lacking authentication, several code signals raise significant concerns. The presence of 14 dangerous functions, most notably 'unserialize', and the fact that 100% of its 19 SQL queries do not use prepared statements are critical weaknesses. The taint analysis also identified one high-severity flow with unsanitized paths, indicating a potential for data manipulation or execution vulnerabilities. Although the plugin has no recorded vulnerability history, this does not negate the risks identified in the static analysis. The lack of capability checks and a substantial number of unescaped outputs further contribute to potential security flaws. Overall, the plugin has strengths in its limited entry points and lack of historical CVEs, but significant weaknesses in its handling of data and database interactions require immediate attention.

Key Concerns

Dangerous functions detected (unserialize)
SQL queries without prepared statements
High severity taint flow with unsanitized paths
Low percentage of properly escaped output
No capability checks on entry points

Vulnerabilities

None known

Addon Stripe with contact form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Addon Stripe with contact form 7 Release Timeline

No version history available.

Code Analysis

Analyzed Mar 17, 2026

Addon Stripe with contact form 7 Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

167 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$heading_row = unserialize( $heading_row->form_value );main\backend\cfyspay-backend.php:115

unserialize$resultTmp = unserialize( $result->form_value );main\backend\cfyspay-backend.php:138

unserialize$first_row = isset($results[0]) ? unserialize( $results[0]->form_value ): 0 ;main\backend\cfyspay-backend.php:307

unserialize$form_value = unserialize( $result->form_value );main\backend\cfyspay-backend.php:389

unserialize$result_values = unserialize($result_value);main\backend\cfyspay-backend.php:456

unserialize$result_values = unserialize( $result_value );main\backend\cfyspay-backend.php:488

unserialize$result_values = unserialize( $result_value );main\backend\cfyspay-backend.php:502

unserialize<?php $form_data = unserialize( $results[0]->form_value );main\backend\cfyspay-backend.php:614

unserialize$table_price_array = unserialize($stripe_table_prices);main\backend\cfyspay-cf7-panel.php:347

unserialize$table_qunty_array = unserialize($stripe_table_qunty);main\backend\cfyspay-cf7-panel.php:348

unserialize$table_price_array = unserialize($stripe_table_prices);main\backend\cfyspay-cf7-panel.php:715

unserialize$table_qunty_array = unserialize($stripe_table_qunty);main\backend\cfyspay-cf7-panel.php:717

unserialize$heading_row = unserialize( $heading_row->form_value );main\backend\cfyspay-export-csv.php:63

unserialize$resultTmp = unserialize( $result->form_value );main\backend\cfyspay-export-csv.php:88

SQL Query Safety

0% prepared19 total queries

Output Escaping

66% escaped254 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths

bulk_actions (main\backend\cfyspay-backend.php:543)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Addon Stripe with contact form 7 Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 2

authwp_ajax_cf7spay_stripe_chargemain\backend\cfyspay-cf7-panel.php:1018

noprivwp_ajax_cf7spay_stripe_chargemain\backend\cfyspay-cf7-panel.php:1019

WordPress Hooks 16

actionadmin_menumain\backend\cfyspay-backend.php:2

actioninitmain\backend\cfyspay-backend.php:105

filterwpcf7_editor_panelsmain\backend\cfyspay-cf7-panel.php:2

actionwpcf7_after_savemain\backend\cfyspay-cf7-panel.php:457

filterwpcf7_feedback_responsemain\backend\cfyspay-cf7-panel.php:583

actionwp_footermain\backend\cfyspay-cf7-panel.php:832

actioninitmain\backend\cfyspay-export-csv.php:126

actionwpcf7_initmain\backend\cfyspay-payment.php:3

actioninitmain\resources\cfyspay-createtable.php:25

actionadmin_initmain\resources\cfyspay-installation-require.php:3

actionadmin_noticesmain\resources\cfyspay-installation-require.php:6

actionplugins_loadedmain\resources\cfyspay-language.php:3

filterload_textdomain_mofilemain\resources\cfyspay-language.php:16

actionwp_enqueue_scriptsmain\resources\cfyspay-load-js-css.php:3

actionadmin_enqueue_scriptsmain\resources\cfyspay-load-js-css.php:12

filterplugin_row_metastripe-with-contact-form-7.php:52

Maintenance & Trust

Addon Stripe with contact form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 31, 2026

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Addon Stripe with contact form 7 Alternatives

WooCommerce Stripe Payment Gateway

woocommerce-gateway-stripe

Accept debit and credit cards in 135+ currencies, many local methods like Alipay, ACH, and SEPA, and express checkout with Apple Pay and Google Pay.

700K 4 CVEs

PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin

pretty-link

🌠 The best WordPress link management, branding, tracking, sharing and payments plugin. Easily make pretty & trackable shortlinks. 🔗

300K 8 CVEs

Payment Plugins for Stripe WooCommerce

woo-stripe-payment

100

Accept Credit Cards, Google Pay, ApplePay, Afterpay, Affirm, ACH, Klarna, iDEAL and more all in one plugin for free!

100K No CVEs

SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments

surecart

Make ecommerce easy with a simple-to-use, all-in-one platform that anyone can set up in just a few minutes!

90K 3 CVEs

Easy Digital Downloads – eCommerce Payments and Subscriptions made easy

easy-digital-downloads

The #1 eCommerce plugin to sell digital products & subscriptions. Accept payments with Stripe & PayPal. Sell ebooks, software & more.

40K 40 CVEs

Developer Profile

Addon Stripe with contact form 7 Developer Profile

silverplugins217

21 plugins · 11K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

10 days

View full developer profile

Detection Fingerprints

How We Detect Addon Stripe with contact form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/addon-stripe-with-contact-form-7/includes/css/front_style.css/wp-content/plugins/addon-stripe-with-contact-form-7/includes/js/front.js/wp-content/plugins/addon-stripe-with-contact-form-7/includes/css/back_style.css/wp-content/plugins/addon-stripe-with-contact-form-7/includes/js/back_script.js

Script Paths

https://js.stripe.com/v3/

Version Parameters

/addon-stripe-with-contact-form-7/includes/css/front_style.css?ver=/addon-stripe-with-contact-form-7/includes/js/front.js?ver=/addon-stripe-with-contact-form-7/includes/css/back_style.css?ver=/addon-stripe-with-contact-form-7/includes/js/back_script.js?ver=

HTML / DOM Fingerprints

CSS Classes

cf7wpay_paypal_main

JS Globals

CF7SPAY_name

Shortcode Output

[payment payment]

FAQ