AmwalPay for Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/amwalpay-for-contact-form-7

Accept Secure Payments with AmwalPay for Contact Form 7

0 active installs v1.0.0 PHP 7.4+ WP 5.0+ Updated May 26, 2025
amwalpaycontact-formcontact-form-7formpayment
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is AmwalPay for Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 92/100

AmwalPay for Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The 'amwalpay-for-contact-form-7' plugin, version 1.0.0, exhibits a generally positive security posture based on the provided static analysis. The code diligently utilizes prepared statements for all SQL queries, which significantly mitigates the risk of SQL injection vulnerabilities. Furthermore, the presence of nonce and capability checks, though limited in number, indicates an awareness of common WordPress security best practices.

However, a notable concern arises from the output escaping. With only 51% of outputs properly escaped, there is a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. This means that user-supplied data or data processed by the plugin could be rendered directly in the browser without adequate sanitization, potentially allowing attackers to inject malicious scripts. The lack of any identified critical or high severity taint flows in the analysis is a positive sign, but it does not negate the XSS risk associated with poor output escaping.

The plugin's vulnerability history is notably clean, with no recorded CVEs. This absence of known vulnerabilities, combined with the good SQL practices, suggests a relatively stable and well-maintained codebase in terms of historical security issues. However, the static analysis highlights an area of weakness in output escaping that could lead to new vulnerabilities. In conclusion, while the plugin benefits from secure SQL handling and a clean vulnerability history, the significant proportion of unescaped output presents a tangible risk that warrants attention.

Key Concerns

  • Significant portion of outputs not properly escaped (XSS risk)
Vulnerabilities
None known

AmwalPay for Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

AmwalPay for Contact Form 7 Release Timeline

v1.0.0Current
Code Analysis
Analyzed Mar 17, 2026

AmwalPay for Contact Form 7 Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
6 prepared
Unescaped Output
39
40 escaped
Nonce Checks
1
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared6 total queries

Output Escaping

51% escaped79 total outputs
Attack Surface

AmwalPay for Contact Form 7 Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[amwalpay_cf7_payment_status] amwalpay-for-contact-form-7.php:635
WordPress Hooks 8
actionadmin_menuamwalpay-for-contact-form-7.php:65
actionwpcf7_mail_sentamwalpay-for-contact-form-7.php:199
filterwpcf7_editor_panelsamwalpay-for-contact-form-7.php:212
actionwpcf7_admin_after_additional_settingsamwalpay-for-contact-form-7.php:258
actionwpcf7_save_contact_formamwalpay-for-contact-form-7.php:277
actionadmin_noticesamwalpay-for-contact-form-7.php:463
actionwp_enqueue_scriptsamwalpay-for-contact-form-7.php:504
actioninitamwalpay-for-contact-form-7.php:554
Maintenance & Trust

AmwalPay for Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedMay 26, 2025
PHP min version7.4
Downloads331

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

AmwalPay for Contact Form 7 Developer Profile

amwalpay

3 plugins · 300 total installs

92
trust score
Avg Security Score
97/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect AmwalPay for Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/amwalpay-for-contact-form-7/includes/amwalpay_cf7_redirect.php

HTML / DOM Fingerprints

Data Attributes
name="_amwalpay_cf7_enable"name="_amwalpay_cf7_email"name="_amwalpay_cf7_price"
FAQ

Frequently Asked Questions about AmwalPay for Contact Form 7