Advanced Contact form 7 DB Security & Risk Analysis

wordpress.org/plugins/advanced-cf7-db

Save all contact form 7 form submitted data to the database, View, Ordering, Change field labels and Import/Export data using CSV.

70K active installs · v2.0.9 · PHP 7.4+ · WP 4.0+ · Updated Apr 1, 2025
Tags: advanced-cf7-db, contact-form-7, contact-form-7-db, contact-form-db, database
83 · B · Generally Safe
CVEs total: 6
Unpatched: 0
Last CVE: Jun 10, 2024
Safety Verdict

Is Advanced Contact form 7 DB Safe to Use in 2026?

Mostly Safe

Score 83/100

Advanced Contact form 7 DB is generally safe to use though it hasn't been updated recently. 6 past CVEs were resolved. Keep it updated.

6 known CVEs · Last CVE: Jun 10, 2024 · Updated 1yr ago
Risk Assessment

The plugin 'advanced-cf7-db' v2.0.9 presents a mixed security posture. While it demonstrates good practices with a high percentage of prepared SQL statements and properly escaped output, significant concerns remain. The static analysis reveals an attack surface with three unprotected AJAX handlers, indicating potential vulnerabilities if these handlers do not properly validate user input or permissions. Furthermore, the taint analysis highlights three flows with unsanitized paths, flagged as high severity, which could lead to critical security issues like SQL injection or cross-site scripting if these paths are exposed to user input without proper sanitization.

The plugin's historical vulnerability record is concerning, with six known CVEs across various severity levels, including one critical and two high. The common types of vulnerabilities (Missing Authorization, XSS, SQL Injection) directly correlate with the findings in the static and taint analysis, suggesting recurring weaknesses in input validation and authorization. The fact that there are currently no unpatched CVEs is a positive sign, but the history of critical and high-severity vulnerabilities necessitates caution. The bundled Freemius library at v1.0 may also be outdated and a potential source of vulnerabilities.

In conclusion, while the plugin has made strides in secure coding practices like prepared statements and output escaping, the unprotected AJAX endpoints, high-severity taint flows, and a history of critical and high-severity vulnerabilities prevent it from being considered highly secure. The potential for exploitation through the identified attack surface and unsanitized taint flows is a significant risk.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • Bundled outdated library (Freemius v1.0)
  • History of critical severity CVEs
  • History of high severity CVEs
  • Common vulnerability types: Missing Authorization
  • Common vulnerability types: XSS
  • Common vulnerability types: SQL Injection
Vulnerabilities
6

Advanced Contact form 7 DB Security Vulnerabilities

CVEs by Year

  • 2019: 1 CVE
  • 2020: 1 CVE
  • 2022: 2 CVEs
  • 2024: 2 CVEs

Severity Breakdown

  • Critical: 1
  • High: 2
  • Medium: 3

6 total CVEs

CVE-2024-4319 · medium · 5.3 · Missing Authorization

Advanced Contact form 7 DB <= 2.0.2 - Missing Authorization to Unauthenticated Information Disclosure

Jun 10, 2024 · Patched in 2.0.3 (31d)

CVE-2024-3723 · medium · 5.3 · Insecure Storage of Sensitive Information

Advanced Contact form 7 DB <= 2.0.2 - Sensitive Information Exposure

Jun 10, 2024 · Patched in 2.0.3 (31d)

CVE-2022-29408 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advanced Contact form 7 DB <= 1.8.7 - Stored Cross-Site Scripting

Apr 21, 2022 · Patched in 1.8.8 (641d)

CVE-2021-24905 · high · 8.8 · Incorrect Authorization

Advanced Contact form 7 DB <= 1.8.6 - Authenticated Arbitrary File Deletion

Feb 22, 2022 · Patched in 1.8.7 (700d)

CVE-2019-13571 · critical · 9.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advanced Contact Form 7 DB <= 1.6.2 - SQL Injection

Sep 22, 2020 · Patched in 1.7.0 (1218d)

WF-bf70f652-5244-421c-8ee6-75719315ed64-advanced-cf7-db · high · 8.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advanced Contact form 7 DB <= 1.6.0 - SQL Injection

Apr 11, 2019 · Patched in 1.6.1 (1748d)

Code Analysis
Analyzed Mar 16, 2026

Advanced Contact form 7 DB Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 4 (98 prepared)
  • Unescaped Output: 16 (495 escaped)
  • Nonce Checks: 14
  • Capability Checks: 1
  • File Operations: 7
  • External Requests: 0
  • Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

96% prepared · 102 total queries

Output Escaping

97% escaped · 511 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

7 flows · 3 with unsanitized paths
vsz_cf7_after_datesection_btn_callback (admin\class-advanced-cf7-db-admin.php:335)
Attack Surface
3 unprotected

Advanced Contact form 7 DB Attack Surface

Entry Points: 5
Unprotected: 3

AJAX Handlers 3

  • auth · wp_ajax_vsz_cf7_edit_form_value · includes\class-advanced-cf7-db.php:194
  • auth · wp_ajax_acf7_db_edit_scr_file_upload · includes\class-advanced-cf7-db.php:209
  • auth · wp_ajax_acf7_db_edit_scr_file_delete · includes\class-advanced-cf7-db.php:212

Shortcodes 2

[cf7-db-display-ip] admin\class-advanced-cf7-db-admin.php:1158
[acf7db] public\class-advanced-cf7-db-public.php:106

WordPress Hooks 25

  • filter · connect_message_on_update · advanced-cf7-db.php:71
  • filter · plugin_icon · advanced-cf7-db.php:76
  • action · init · advanced-cf7-db.php:207
  • action · plugins_loaded · includes\class-advanced-cf7-db.php:145
  • action · admin_enqueue_scripts · includes\class-advanced-cf7-db.php:160
  • action · admin_enqueue_scripts · includes\class-advanced-cf7-db.php:161
  • action · admin_menu · includes\class-advanced-cf7-db.php:164
  • filter · vsz_cf7_admin_fields · includes\class-advanced-cf7-db.php:167
  • action · vsz_cf7_after_bulkaction_btn · includes\class-advanced-cf7-db.php:170
  • action · vsz_cf7_after_datesection_btn · includes\class-advanced-cf7-db.php:173
  • action · vsz_cf7_display_settings_btn · includes\class-advanced-cf7-db.php:176
  • action · vsz_cf7_admin_after_heading_field · includes\class-advanced-cf7-db.php:180
  • action · vsz_cf7_admin_after_body_field · includes\class-advanced-cf7-db.php:183
  • action · vsz_cf7_after_admin_form · includes\class-advanced-cf7-db.php:186
  • action · vsz_cf7_after_admin_form · includes\class-advanced-cf7-db.php:188
  • action · admin_init · includes\class-advanced-cf7-db.php:191
  • filter · vsz_cf7_not_editable_fields · includes\class-advanced-cf7-db.php:197
  • action · wpmu_new_blog · includes\class-advanced-cf7-db.php:200
  • action · plugins_loaded · includes\class-advanced-cf7-db.php:203
  • action · save_post · includes\class-advanced-cf7-db.php:206
  • action · admin_enqueue_scripts · includes\class-advanced-cf7-db.php:226
  • action · admin_enqueue_scripts · includes\class-advanced-cf7-db.php:227
  • action · after_setup_theme · includes\class-advanced-cf7-db.php:230
  • action · wpcf7_before_send_mail · includes\vsz-cf7-db-function.php:9
  • filter · vsz_cf7_modify_form_before_insert_data · includes\vsz-cf7-db-function.php:136
Maintenance & Trust

Advanced Contact form 7 DB Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.7.5
  • Last updated: Apr 1, 2025
  • PHP min version: 7.4
  • Downloads: 1.1M

Community Trust

  • Rating: 90/100
  • Number of ratings: 43
  • Active installs: 70K
Developer Profile

Advanced Contact form 7 DB Developer Profile

Vsourz Digital

8 plugins · 78K total installs

  • Trust score: 65
  • Avg Security Score: 80/100
  • Avg Patch Time: 845 days
Detection Fingerprints

How We Detect Advanced Contact form 7 DB

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/advanced-cf7-db/css/main.css
  • /wp-content/plugins/advanced-cf7-db/css/bootstrap.min.css
  • /wp-content/plugins/advanced-cf7-db/css/jquery.dataTables.min.css
  • /wp-content/plugins/advanced-cf7-db/css/responsive.dataTables.min.css
  • /wp-content/plugins/advanced-cf7-db/css/buttons.dataTables.min.css
  • /wp-content/plugins/advanced-cf7-db/css/select2.min.css
  • /wp-content/plugins/advanced-cf7-db/css/bootstrap-select.min.css
  • /wp-content/plugins/advanced-cf7-db/css/codemirror.css
  • +15 more
Script Paths
  • /wp-content/plugins/advanced-cf7-db/js/bootstrap.min.js
  • /wp-content/plugins/advanced-cf7-db/js/jquery.dataTables.min.js
  • /wp-content/plugins/advanced-cf7-db/js/dataTables.responsive.min.js
  • /wp-content/plugins/advanced-cf7-db/js/dataTables.buttons.min.js
  • /wp-content/plugins/advanced-cf7-db/js/buttons.html5.min.js
  • /wp-content/plugins/advanced-cf7-db/js/buttons.print.min.js
  • +8 more
Version Parameters
  • advanced-cf7-db/css/main.css?ver=
  • advanced-cf7-db/css/bootstrap.min.css?ver=
  • advanced-cf7-db/css/jquery.dataTables.min.css?ver=
  • advanced-cf7-db/css/responsive.dataTables.min.css?ver=
  • advanced-cf7-db/css/buttons.dataTables.min.css?ver=
  • advanced-cf7-db/css/select2.min.css?ver=
  • advanced-cf7-db/css/bootstrap-select.min.css?ver=
  • advanced-cf7-db/css/codemirror.css?ver=
  • advanced-cf7-db/css/addon.css?ver=
  • advanced-cf7-db/js/bootstrap.min.js?ver=
  • advanced-cf7-db/js/jquery.dataTables.min.js?ver=
  • advanced-cf7-db/js/dataTables.responsive.min.js?ver=
  • advanced-cf7-db/js/dataTables.buttons.min.js?ver=
  • advanced-cf7-db/js/buttons.html5.min.js?ver=
  • advanced-cf7-db/js/buttons.print.min.js?ver=
  • advanced-cf7-db/js/select2.min.js?ver=
  • advanced-cf7-db/js/bootstrap-select.min.js?ver=
  • advanced-cf7-db/js/moment.min.js?ver=
  • advanced-cf7-db/js/codemirror.js?ver=
  • advanced-cf7-db/js/jquery.form.min.js?ver=
  • advanced-cf7-db/js/jquery.validate.min.js?ver=
  • advanced-cf7-db/js/main.js?ver=
  • advanced-cf7-db/js/admin-main.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • adcfdb_table
  • dataTables_wrapper
  • select2-container
  • bootstrap-select
HTML Comments
  • <!--added in 1.8.4-->
  • <!--excel sheet download using library for xls excel file format- defined contant-->
  • <!--excel sheet download using library for xlsx excel file format- defined contant-->
  • <!--The code that runs during plugin activation.-->
  • +5 more
Data Attributes
  • data-column
  • data-entry-id
JS Globals
  • adcfdb_vars
  • adcfdb_table
  • adcfdb_dt_columns
REST Endpoints
  • /wp-json/advanced-cf7-db/v1/get-entries
  • /wp-json/advanced-cf7-db/v1/delete-entry
  • /wp-json/advanced-cf7-db/v1/get-entry-details
  • /wp-json/advanced-cf7-db/v1/update-field-label
FAQ

Frequently Asked Questions about Advanced Contact form 7 DB