
Advanced Contact Form 7 – Compact DB Security & Risk Analysis
wordpress.org/plugins/advanced-contact-form-7-compact-dbAn add-on for Contact Form 7 that provides an updated and compact data viewing option.
Is Advanced Contact Form 7 – Compact DB Safe to Use in 2026?
Use With Caution
Score 63/100Advanced Contact Form 7 – Compact DB has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
This plugin exhibits a concerningly weak security posture due to several critical misconfigurations and the absence of fundamental security checks. The static analysis reveals a significant attack surface with four AJAX handlers, all of which lack authentication checks, exposing them to potential unauthorized access and malicious actions. Furthermore, the presence of the `unserialize` function, coupled with raw SQL queries that are not prepared, presents a high risk of remote code execution and SQL injection vulnerabilities. The extremely low percentage of properly escaped output further exacerbates these risks, as user-supplied data can be directly injected into the application without proper sanitization, leading to cross-site scripting (XSS) attacks.
While the plugin has no recorded vulnerability history, this absence should not be interpreted as a sign of robust security. Instead, it might indicate a lack of rigorous security auditing or a relatively small user base that has not yet attracted widespread vulnerability research. The lack of any recorded CVEs is a positive signal, but it is overshadowed by the immediate and severe risks identified within the code itself. The plugin's reliance on insecure coding practices makes it a prime target for attackers, despite its clean vulnerability history.
Key Concerns
- AJAX handlers without authentication checks
- Unescaped output is significantly low
- Dangerous function 'unserialize' used
- SQL queries not using prepared statements
- No nonce checks on AJAX handlers
- No capability checks on AJAX handlers
Advanced Contact Form 7 – Compact DB Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Advanced Contact Form 7 <= 1.0.0 - Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion via 'form_id' Parameter
Advanced Contact Form 7 – Compact DB Release Timeline
Advanced Contact Form 7 – Compact DB Code Analysis
Dangerous Functions Found
SQL Query Safety
Output Escaping
Advanced Contact Form 7 – Compact DB Attack Surface
AJAX Handlers 4
WordPress Hooks 4
Maintenance & Trust
Advanced Contact Form 7 – Compact DB Maintenance & Trust
Maintenance Signals
Community Trust
Advanced Contact Form 7 – Compact DB Alternatives
Akismet Anti-spam: Spam Protection
akismet
The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.
Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]
disable-comments
Allows administrators to globally disable comments on their site. Comments can be disabled according to post type. Multisite friendly.
Antispam Bee
antispam-bee
Sophisticated antispam plugin for effective daily comment and trackback spam-fighting. Built with data protection and privacy in mind.
Spam protection, Honeypot, Anti-Spam by CleanTalk
cleantalk-spam-protect
Blocks spam comments, fake users, contact form spam and more. No impact on SEO. Privacy focused. CAPTCHA free, premium Antispam plugin.
Captcha Code
captcha-code-authentication
GDPR compatible captcha anti-spam protection for login form, comments form, registration form & lost password form. Eliminate spam with captcha.
Advanced Contact Form 7 – Compact DB Developer Profile
2 plugins · 40 total installs
How We Detect Advanced Contact Form 7 – Compact DB
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/advanced-contact-form-7-compact-db/js/cf7cdb.js/wp-content/plugins/advanced-contact-form-7-compact-db/js/jquery.ajax.js/wp-content/plugins/advanced-contact-form-7-compact-db/css/cf7cdb.css/wp-content/plugins/advanced-contact-form-7-compact-db/js/cf7cdb.js/wp-content/plugins/advanced-contact-form-7-compact-db/js/jquery.ajax.jsadvanced-contact-form-7-compact-db/js/cf7cdb.js?ver=1.0advanced-contact-form-7-compact-db/css/cf7cdb.css?ver=1.0.0HTML / DOM Fingerprints
cf7_cdb_dFlxcf7cdb_exportcf7_cdb_resultscf7_cdb_itemitem_top_arescf7_cdb_metacf7_cdb_timecf7cdb_view+3 moredata-idajax_object