Advanced Contact Form 7 – Compact DB Security & Risk Analysis

wordpress.org/plugins/advanced-contact-form-7-compact-db

An add-on for Contact Form 7 that provides an updated and compact data viewing option.

30 active installs v1.0.0 PHP 5.2.4+ WP 3.7+ Updated Apr 15, 2020
commentsspam
63
C · Use Caution
CVEs total1
Unpatched1
Last CVEJun 23, 2026
Download
Safety Verdict

Is Advanced Contact Form 7 – Compact DB Safe to Use in 2026?

Use With Caution

Score 63/100

Advanced Contact Form 7 – Compact DB has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Jun 23, 2026Updated 6yr ago
Risk Assessment

This plugin exhibits a concerningly weak security posture due to several critical misconfigurations and the absence of fundamental security checks. The static analysis reveals a significant attack surface with four AJAX handlers, all of which lack authentication checks, exposing them to potential unauthorized access and malicious actions. Furthermore, the presence of the `unserialize` function, coupled with raw SQL queries that are not prepared, presents a high risk of remote code execution and SQL injection vulnerabilities. The extremely low percentage of properly escaped output further exacerbates these risks, as user-supplied data can be directly injected into the application without proper sanitization, leading to cross-site scripting (XSS) attacks.

While the plugin has no recorded vulnerability history, this absence should not be interpreted as a sign of robust security. Instead, it might indicate a lack of rigorous security auditing or a relatively small user base that has not yet attracted widespread vulnerability research. The lack of any recorded CVEs is a positive signal, but it is overshadowed by the immediate and severe risks identified within the code itself. The plugin's reliance on insecure coding practices makes it a prime target for attackers, despite its clean vulnerability history.

Key Concerns

  • AJAX handlers without authentication checks
  • Unescaped output is significantly low
  • Dangerous function 'unserialize' used
  • SQL queries not using prepared statements
  • No nonce checks on AJAX handlers
  • No capability checks on AJAX handlers
Vulnerabilities
1 published

Advanced Contact Form 7 – Compact DB Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-12094medium · 5.3Missing Authorization

Advanced Contact Form 7 <= 1.0.0 - Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion via 'form_id' Parameter

Jun 23, 2026Unpatched
Version History

Advanced Contact Form 7 – Compact DB Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Advanced Contact Form 7 – Compact DB Code Analysis

Dangerous Functions
1
Raw SQL Queries
2
0 prepared
Unescaped Output
6
1 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$uns_data = unserialize($row->form_data)cf7cdb.php:206

SQL Query Safety

0% prepared2 total queries

Output Escaping

14% escaped7 total outputs
Attack Surface
4 unprotected

Advanced Contact Form 7 – Compact DB Attack Surface

Entry Points4
Unprotected4

AJAX Handlers 4

authwp_ajax_cf7cdb_deletecf7cdb.php:103
noprivwp_ajax_cf7cdb_deletecf7cdb.php:104
authwp_ajax_cf7cdb_exportcf7cdb.php:148
noprivwp_ajax_cf7cdb_exportcf7cdb.php:149
WordPress Hooks 4
actionadmin_noticescf7cdb.php:37
actionadmin_enqueue_scriptscf7cdb.php:96
actionwpcf7_editor_panelscf7cdb.php:182
actionwpcf7_mail_sentcf7cdb.php:275
Maintenance & Trust

Advanced Contact Form 7 – Compact DB Maintenance & Trust

Maintenance Signals

WordPress version tested5.4.19
Last updatedApr 15, 2020
PHP min version5.2.4
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs30
Developer Profile

Advanced Contact Form 7 – Compact DB Developer Profile

Ranit

2 plugins · 40 total installs

76
trust score
Avg Security Score
74/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Advanced Contact Form 7 – Compact DB

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/advanced-contact-form-7-compact-db/js/cf7cdb.js/wp-content/plugins/advanced-contact-form-7-compact-db/js/jquery.ajax.js/wp-content/plugins/advanced-contact-form-7-compact-db/css/cf7cdb.css
Script Paths
/wp-content/plugins/advanced-contact-form-7-compact-db/js/cf7cdb.js/wp-content/plugins/advanced-contact-form-7-compact-db/js/jquery.ajax.js
Version Parameters
advanced-contact-form-7-compact-db/js/cf7cdb.js?ver=1.0advanced-contact-form-7-compact-db/css/cf7cdb.css?ver=1.0.0

HTML / DOM Fingerprints

CSS Classes
cf7_cdb_dFlxcf7cdb_exportcf7_cdb_resultscf7_cdb_itemitem_top_arescf7_cdb_metacf7_cdb_timecf7cdb_view+3 more
Data Attributes
data-id
JS Globals
ajax_object
FAQ

Frequently Asked Questions about Advanced Contact Form 7 – Compact DB