WP-Safety

Welcome Emails for Contact Forms Security & Risk Analysis

wordpress.org/plugins/automation

Create beautiful Welcome Emails for contact forms made with Contact Form 7 and Forminator to be sent immediately and delayed.

10 active installs v1.0.4 PHP 7.4+ WP 5.1+ Updated Unknown
automationemail-serieswelcome-emails
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Welcome Emails for Contact Forms Safe to Use in 2026?

Generally Safe

Score 100/100

Welcome Emails for Contact Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The 'automation' v1.0.4 plugin demonstrates a generally good security posture with several strong practices in place. The extensive use of prepared statements for SQL queries and a high percentage of properly escaped output are commendable. The plugin also appears to have a clean vulnerability history, with no recorded CVEs, which suggests a commitment to secure development. The absence of critical or high-severity taint flows further reinforces this positive assessment.

However, a significant concern arises from the presence of one AJAX handler that lacks authentication checks. This creates a direct entry point into the plugin's functionality that could potentially be exploited by unauthenticated users. While the plugin has a moderate attack surface overall, this single unprotected endpoint represents a clear and present risk that needs immediate attention. The plugin also employs nonces and capability checks for most of its AJAX handlers, indicating an awareness of security, but the omission on one handler is a critical oversight.

In conclusion, 'automation' v1.0.4 is built on a solid foundation of secure coding principles, particularly in data handling. The lack of historical vulnerabilities is a strong indicator of responsible development. The primary weakness lies in the single unprotected AJAX handler, which significantly elevates the risk profile despite otherwise positive security metrics. Addressing this specific issue should be the highest priority to bring the plugin's security to a more robust level.

Key Concerns

  • AJAX handler without authentication check
Vulnerabilities
None known

Welcome Emails for Contact Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Welcome Emails for Contact Forms Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
12 prepared
Unescaped Output
6
252 escaped
Nonce Checks
8
Capability Checks
3
File Operations
2
External Requests
0
Bundled Libraries
1

Bundled Libraries

TinyMCE

SQL Query Safety

100% prepared12 total queries

Output Escaping

98% escaped258 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
<settings> (admin\settings.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Welcome Emails for Contact Forms Attack Surface

Entry Points8
Unprotected1

AJAX Handlers 8

authwp_ajax_composer_saveclasses\Composer\Composer.php:19
authwp_ajax_composer_testclasses\Composer\Composer.php:20
authwp_ajax_composer_blockclasses\Composer\Composer.php:21
authwp_ajax_composer_formclasses\Composer\Composer.php:22
authwp_ajax_composer_getclasses\Composer\Composer.php:23
authwp_ajax_automation_type_statusclasses\EventManager.php:13
authwp_ajax_automation_email_statusclasses\EventManager.php:14
authwp_ajax_automation_email_delayclasses\EventManager.php:15
WordPress Hooks 10
actioninitautomation.php:53
actionwp_loadedautomation.php:54
actionadmin_menuclasses\Admin.php:12
actionadmin_enqueue_scriptsclasses\Admin.php:16
actionwp_mail_failedclasses\Composer\Composer.php:228
filtercron_schedulesclasses\Engine.php:14
actionautomation_runclasses\Engine.php:22
actionwpcf7_before_send_mailclasses\Integrations.php:56
filterforminator_custom_form_submit_before_set_fieldsclasses\Integrations.php:75
actionautomation_fire_eventincludes\api.php:13

Scheduled Events 1

automation_run
Maintenance & Trust

Welcome Emails for Contact Forms Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8
Last updatedUnknown
PHP min version7.4
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Welcome Emails for Contact Forms Alternatives

MailPoet – Newsletters, Email Marketing, and Automation

MailPoet – Newsletters, Email Marketing, and Automation

mailpoet

A
98

Send beautiful newsletters from WordPress. Collect subscribers with signup forms, automate your emails for WooCommerce, blog post notifications & more

500K 3 CVEs
OttoKit: All-in-One Automation Platform

OttoKit: All-in-One Automation Platform

suretriggers

A
91

Experience the power of automation within WordPress: Connect 1,300+ apps, automate manual tasks, and unlock your full potential. Get started now!

100K 4 CVEs
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress

Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress

email-subscribers

B
76

Add subscription forms on the website and send newsletters & automatically send post notification about new blog posts once it gets published.

60K 42 CVEs
Blog2Social: Social Media Auto Post & Scheduler

Blog2Social: Social Media Auto Post & Scheduler

blog2social

B
76

Automatically share and schedule your WordPress content on top social platforms like Facebook, Instagram, LinkedIn, TikTok, and more.

50K 21 CVEs
Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin

Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin

uncanny-automator

B
83

Uncanny Automator is the easiest and most powerful way to connect your WordPress plugins, sites and apps together with powerful automations.

50K 11 CVEs
Developer Profile

Welcome Emails for Contact Forms Developer Profile

Stefano Lissa

14 plugins · 515K total installs

75
trust score
Avg Security Score
94/100
Avg Patch Time
650 days
View full developer profile
Detection Fingerprints

How We Detect Welcome Emails for Contact Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/automation/admin/style.css/wp-content/plugins/automation/vendor/toastify/toastify.css/wp-content/plugins/automation/vendor/spectrum/spectrum.min.css/wp-content/plugins/automation/composer/style.css/wp-content/plugins/automation/composer/controls.css
Script Paths
/wp-content/plugins/automation/vendor/toastify/toastify.js/wp-content/plugins/automation/vendor/spectrum/spectrum.min.js/wp-content/plugins/automation/vendor/tinymce/js/tinymce/tinymce.min.js/wp-content/plugins/automation/vendor/popper/popper.min.js/wp-content/plugins/automation/composer/scripts.js
Version Parameters
automation/admin/style.css?ver=automation/vendor/toastify/toastify.css?ver=automation/vendor/spectrum/spectrum.min.css?ver=automation/composer/style.css?ver=automation/composer/controls.css?ver=automation/vendor/toastify/toastify.js?ver=automation/vendor/spectrum/spectrum.min.js?ver=automation/vendor/tinymce/js/tinymce/tinymce.min.js?ver=automation/vendor/popper/popper.min.js?ver=automation/composer/scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
cmp-block-typecmp-block-contentcmp-block-toolscmp-form-actionscmp-subject-inputcmp-content-wrapper
Data Attributes
data-type
JS Globals
Composer
REST Endpoints
/wp-json/automation/v1/settings/wp-json/automation/v1/events/wp-json/automation/v1/forms/wp-json/automation/v1/types/wp-json/automation/v1/actions/wp-json/automation/v1/templates/wp-json/automation/v1/composer/save/wp-json/automation/v1/composer/block/wp-json/automation/v1/composer/get/wp-json/automation/v1/composer/render/wp-json/automation/v1/composer/remove
FAQ

Frequently Asked Questions about Welcome Emails for Contact Forms