Does Authyo OTP for Contact Form 7 have any unpatched vulnerabilities?

No. All known vulnerabilities in Authyo OTP for Contact Form 7 have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Authyo OTP for Contact Form 7 compatible with WordPress 6.9.4?

According to WordPress.org data, Authyo OTP for Contact Form 7 1.0.20 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Authyo OTP for Contact Form 7 compatible with PHP 7.4+?

Authyo OTP for Contact Form 7 requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Authyo OTP for Contact Form 7 updated?

Authyo OTP for Contact Form 7 was last updated on Mar 13, 2026. Frequent updates are generally a positive security signal.

What is Authyo OTP for Contact Form 7's security score?

Authyo OTP for Contact Form 7 has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Authyo OTP for Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/authyo-otp-for-contact-form-7

Adds OTP verification (Email, SMS, WhatsApp, Voice Call) and Google Sheets Integration (with Multi-Sheet support) to Contact Form 7.

10 active installs v1.0.20 PHP 7.4+ WP 5.5+ Updated Mar 13, 2026

contact-form-7email-verificationform-securityotp-verificationspam-protection

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Authyo OTP for Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 100/100

Authyo OTP for Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 21d ago

Risk Assessment

The "authyo-otp-for-contact-form-7" plugin v1.0.20 exhibits a strong security posture based on the provided static analysis. A significant strength is the complete absence of unprotected entry points across AJAX handlers, REST API routes, and shortcodes. The code also demonstrates excellent output escaping practices, with 97% of outputs properly sanitized, and a healthy use of prepared statements for its SQL queries (67%). The presence of nonce checks and capability checks further bolsters its defenses against common attacks.

The plugin's vulnerability history is also a significant positive indicator, with zero known CVEs, indicating a well-maintained and secure codebase over time. The lack of critical or high severity taint flows suggests that data is handled safely within the plugin's operations, and there are no apparent unsanitized paths that could lead to exploitation.

Overall, this plugin appears to be robust and securely developed. The minimal attack surface combined with strong internal security checks and a clean vulnerability history points to a low-risk component for WordPress sites. While no plugin can be considered entirely risk-free, the data presented here suggests this plugin is among the more secure options.

Vulnerabilities

None known

Authyo OTP for Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Authyo OTP for Contact Form 7 Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

207 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

67% prepared6 total queries

Output Escaping

97% escaped213 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

render_settings (includes\class-authyo-admin.php:248)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Authyo OTP for Contact Form 7 Attack Surface

Entry Points18

Unprotected0

AJAX Handlers 3

authwp_ajax_authyo_cf7_submit_deactivation_feedbackincludes\class-authyo-deactivation.php:25

authwp_ajax_authyo_cf7_submit_email_subscriptionincludes\class-authyo-deactivation.php:38

authwp_ajax_authyo_cf7_dismiss_email_subscriptionincludes\class-authyo-deactivation.php:39

REST API Routes 9

POST/wp-json/authyo-cf7/v1/admin-test/sendincludes\class-authyo-admin.php:1392

POST/wp-json/authyo-cf7/v1/admin-test/verifyincludes\class-authyo-admin.php:1399

GET/wp-json/authyo-cf7/v1/admin-test/diagnosticsincludes\class-authyo-admin.php:1406

POST/wp-json/authyo-cf7/v1/admin/refresh-countriesincludes\class-authyo-admin.php:1413

GET/wp-json/authyo-cf7/v1/admin/country-cache-infoincludes\class-authyo-admin.php:1420

POST/wp-json/authyo-cf7/v1/deactivation-feedbackincludes\class-authyo-deactivation.php:185

POST/wp-json/authyo-cf7/v1/settings-save-trackingincludes\class-authyo-deactivation.php:192

POST/wp-json/authyo-cf7/v1/sendincludes\class-authyo-frontend.php:335

POST/wp-json/authyo-cf7/v1/verifyincludes\class-authyo-frontend.php:340

Shortcodes 6

[authyo_otp] includes\class-authyo-frontend.php:36

[authyo-otp] includes\class-authyo-frontend.php:37

[authyo_email] includes\class-authyo-frontend.php:40

[authyo_phone] includes\class-authyo-frontend.php:41

[only_country_dropdown] includes\class-authyo-frontend.php:44

[only-country-dropdown] includes\class-authyo-frontend.php:45

WordPress Hooks 26

actionplugins_loadedauthyo-otp-for-contact-form-7.php:25

actionadmin_noticesauthyo-otp-for-contact-form-7.php:27

actionwp_enqueue_scriptsauthyo-otp-for-contact-form-7.php:54

actionadmin_enqueue_scriptsauthyo-otp-for-contact-form-7.php:265

filterpre_update_option_authyo_cf7_settingsauthyo-otp-for-contact-form-7.php:300

filterpre_update_option_cf7_authyo_settingsauthyo-otp-for-contact-form-7.php:313

actionadmin_menuincludes\class-authyo-admin.php:9

actionadmin_initincludes\class-authyo-admin.php:10

actionadmin_initincludes\class-authyo-admin.php:11

actionrest_api_initincludes\class-authyo-admin.php:12

filterwp_redirectincludes\class-authyo-admin.php:13

actionadmin_enqueue_scriptsincludes\class-authyo-deactivation.php:22

actionrest_api_initincludes\class-authyo-deactivation.php:28

actionupdate_option_authyo_cf7_settingsincludes\class-authyo-deactivation.php:32

actionadd_option_authyo_cf7_settingsincludes\class-authyo-deactivation.php:34

actionadmin_noticesincludes\class-authyo-deactivation.php:37

actionwp_enqueue_scriptsincludes\class-authyo-frontend.php:9

actionwpcf7_initincludes\class-authyo-frontend.php:10

actioninitincludes\class-authyo-frontend.php:11

filterwpcf7_form_elementsincludes\class-authyo-frontend.php:12

filterwpcf7_form_elementsincludes\class-authyo-frontend.php:13

actionrest_api_initincludes\class-authyo-frontend.php:14

actionwpcf7_before_send_mailincludes\class-authyo-frontend.php:15

filterwpcf7_posted_dataincludes\class-authyo-frontend.php:16

actionwpcf7_before_send_mailincludes\class-authyo-google-sheets.php:9

actionwpcf7_before_send_mailincludes\class-authyo-leads-manager.php:18

Maintenance & Trust

Authyo OTP for Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 13, 2026

PHP min version7.4

Downloads1K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

Authyo OTP for Contact Form 7 Alternatives

Valid Email Verification for Contact Form 7

valid-email-verification-cf7

100

Adds duplicate email blocking and verification to Contact Form 7 to improve form security and reduce spam.

10 No CVEs

Contact Form 7 Captcha

contact-form-7-simple-recaptcha

Protect your Contact Form 7 forms with Google reCAPTCHA V2, Google reCAPTCHA V3, hCAPTCHA, or Cloudflare Turnstile.

100K 2 CVEs

SilentShield – Captcha & Anti-Spam for WordPress (CF7, WPForms, Elementor, WooCommerce)

captcha-for-contact-form-7

100

SilentShield – the invisible shield against spam. Spam is the weed of the internet. It clogs your forms, steals your time, and corrupts your data.

10K 1 CVE

Spam Protect for Contact Form 7

wp-contact-form-7-spam-blocker

100

Spam Protect for Contact-Form7 protects from spam and bots. Customize defense strategies and monitor blocked attempts. Protect your time effectively!

10K No CVEs

Contact Form 7 Spam Killer

cf7-advance-security

100

"Contact Form 7 Spam Killer" is a advance spam blocker that will help to prevent unwanted spam for your Contact Form 7 plugin.

4K No CVEs

Developer Profile

Authyo OTP for Contact Form 7 Developer Profile

Konceptwise Digital Media Pvt Ltd

10 plugins · 10 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Authyo OTP for Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/authyo-otp-for-contact-form-7/assets/css/frontend.css/wp-content/plugins/authyo-otp-for-contact-form-7/assets/js/frontend.js/wp-content/plugins/authyo-otp-for-contact-form-7/assets/js/voice-validation.js

Script Paths

/wp-content/plugins/authyo-otp-for-contact-form-7/assets/js/frontend.js/wp-content/plugins/authyo-otp-for-contact-form-7/assets/js/voice-validation.js

Version Parameters

authyo-otp-for-contact-form-7/assets/css/frontend.css?ver=authyo-otp-for-contact-form-7/assets/js/frontend.js?ver=authyo-otp-for-contact-form-7/assets/js/voice-validation.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-authyo-cf7-validation-endpoint

JS Globals

authyoCF7Frontend

FAQ