WP-Safety

BCodeCraft Submissions for Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/bcodecraft-submissions-cf7

Secure storage and management of Contact Form 7 submissions with advanced security features. Never lose a lead again!

0 active installs v1.0.0 PHP 8.0+ WP 6.0+ Updated Jan 26, 2026
cf7-databasecontact-form-7contact-form-storageform-entriesform-submissions
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is BCodeCraft Submissions for Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 100/100

BCodeCraft Submissions for Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The bcodecraft-submissions-cf7 plugin version 1.0.0 exhibits a generally good security posture with a high percentage of properly escaped outputs and the extensive use of prepared statements for SQL queries. The plugin also demonstrates a solid implementation of security checks, with a significant number of capability checks and nonce checks. Furthermore, its clean vulnerability history with no recorded CVEs is a positive indicator of its security development practices.

However, the plugin does present some areas of concern that warrant attention. The presence of 12 AJAX handlers, with a notable 4 of them lacking authentication checks, exposes a significant attack surface to potential unauthorized access and manipulation. While the taint analysis did not reveal critical or high severity vulnerabilities, the existence of 3 flows with unsanitized paths is a potential risk that could lead to unexpected behavior or security issues if exploited. The file operations and external HTTP requests are relatively low, which is a positive aspect.

Key Concerns

  • AJAX handlers without authentication checks
  • Flows with unsanitized paths found
Vulnerabilities
None known

BCodeCraft Submissions for Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

BCodeCraft Submissions for Contact Form 7 Code Analysis

Dangerous Functions
0
Raw SQL Queries
5
22 prepared
Unescaped Output
11
188 escaped
Nonce Checks
14
Capability Checks
32
File Operations
7
External Requests
0
Bundled Libraries
0

SQL Query Safety

81% prepared27 total queries

Output Escaping

94% escaped199 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

5 flows3 with unsanitized paths
display_admin_notices (includes\class-form-sentry-admin.php:805)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

BCodeCraft Submissions for Contact Form 7 Attack Surface

Entry Points12
Unprotected4

AJAX Handlers 12

authwp_ajax_bccs_admin_actionincludes\class-form-sentry-admin.php:87
authwp_ajax_bccs_get_entriesincludes\class-form-sentry-entries.php:67
authwp_ajax_bccs_get_entryincludes\class-form-sentry-entries.php:68
authwp_ajax_bccs_delete_entryincludes\class-form-sentry-entries.php:69
authwp_ajax_bccs_bulk_deleteincludes\class-form-sentry-entries.php:70
authwp_ajax_bccs_export_csvincludes\class-form-sentry-entries.php:71
authwp_ajax_bccs_get_entriesincludes\class-form-sentry-security.php:64
authwp_ajax_bccs_export_csvincludes\class-form-sentry-security.php:65
authwp_ajax_bccs_get_entriesincludes\class-form-sentry-security.php:75
authwp_ajax_bccs_export_csvincludes\class-form-sentry-security.php:76
authwp_ajax_bccs_get_entriesincludes\class-form-sentry.php:165
authwp_ajax_bccs_export_csvincludes\class-form-sentry.php:166
WordPress Hooks 39
actionadmin_noticesform-sentry-cf7.php:246
actionplugins_loadedform-sentry-cf7.php:270
filterplugin_row_metaform-sentry-cf7.php:302
actionadmin_noticesform-sentry-cf7.php:330
actionadmin_initform-sentry-cf7.php:370
actionadmin_noticesform-sentry-cf7.php:378
actionadmin_initform-sentry-cf7.php:428
actionadmin_menuincludes\class-form-sentry-admin.php:79
actionadmin_initincludes\class-form-sentry-admin.php:82
actionadmin_noticesincludes\class-form-sentry-admin.php:90
actionadmin_enqueue_scriptsincludes\class-form-sentry-assets.php:95
actionwp_enqueue_scriptsincludes\class-form-sentry-assets.php:98
actionlogin_enqueue_scriptsincludes\class-form-sentry-assets.php:101
filterscript_loader_tagincludes\class-form-sentry-assets.php:104
filterstyle_loader_tagincludes\class-form-sentry-assets.php:105
actionadmin_footerincludes\class-form-sentry-assets.php:108
actionadmin_initincludes\class-form-sentry-cf7-detector.php:65
actionadmin_noticesincludes\class-form-sentry-cf7-detector.php:68
actionactivated_pluginincludes\class-form-sentry-cf7-detector.php:74
actiondeactivated_pluginincludes\class-form-sentry-cf7-detector.php:75
actionwpcf7_mail_sentincludes\class-form-sentry-cf7-hook.php:66
actionwpcf7_mail_failedincludes\class-form-sentry-cf7-hook.php:74
actionadmin_initincludes\class-form-sentry-cf7-hook.php:108
filterwpcf7_editor_panelsincludes\class-form-sentry-cf7-hook.php:109
actionwpcf7_initincludes\class-form-sentry-cf7-hook.php:114
actionadmin_noticesincludes\class-form-sentry-cf7-hook.php:582
actionbccs_db_cleanupincludes\class-form-sentry-database.php:808
actionadmin_post_bccs_exportincludes\class-form-sentry-entries.php:74
actionwp_loadedincludes\class-form-sentry-logger.php:437
actionwp_loadedincludes\class-form-sentry-logger.php:445
actionwp_loadedincludes\class-form-sentry-logger.php:450
actionbccs_log_cleanupincludes\class-form-sentry-logger.php:559
actionrest_api_initincludes\class-form-sentry-rest-api.php:64
actionadmin_initincludes\class-form-sentry-security.php:63
actionbccs_security_cleanupincludes\class-form-sentry-security.php:587
actioninitincludes\class-form-sentry.php:153
actionadmin_initincludes\class-form-sentry.php:161
actionplugins_loadedincludes\class-form-sentry.php:169
actionadmin_noticesincludes\class-form-sentry.php:312

Scheduled Events 3

bccs_db_cleanup
bccs_log_cleanup
bccs_security_cleanup
Maintenance & Trust

BCodeCraft Submissions for Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 26, 2026
PHP min version8.0
Downloads90

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

BCodeCraft Submissions for Contact Form 7 Alternatives

Contact Form Entries Database

Contact Form Entries Database

contact-form-entries-database

A
100

Capture and manage contact form submissions from Contact Form 7, WPForms, and Ninja Forms � store entries in your WordPress database and view them in …

0 No CVEs
Database Addon for Contact Form 7 – CFDB7

Database Addon for Contact Form 7 – CFDB7

contact-form-cfdb7

A
90

Save and manage Contact Form 7 messages. Never lose important data. It is a lightweight contact form 7 database plugin.

600K 7 CVEs
Database for Contact Form 7, WPforms, Elementor forms

Database for Contact Form 7, WPforms, Elementor forms

contact-form-entries

B
76

Saves Contact Form 7, WPforms,Elementor Forms, CRM Perks Forms and many other contact form submissions to database.

70K 13 CVEs
FormsDB – Save Elementor Forms to Google Sheets & Post Type

FormsDB – Save Elementor Forms to Google Sheets & Post Type

sb-elementor-contact-form-db

A
98

Connect Elementor forms with Google Sheets to sync form entries, or save form submissions in any post type using Elementor Pro or Hello Plus forms.

20K 3 CVEs
Database for CF7

Database for CF7

database-for-cf7

A
92

Save CF7 submitted form informations into your WordPress database.

2K 1 CVE
Developer Profile

BCodeCraft Submissions for Contact Form 7 Developer Profile

BCodeCraft

5 plugins · 40 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect BCodeCraft Submissions for Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bcodecraft-submissions-cf7/assets/css/bccs-admin-styles.css/wp-content/plugins/bcodecraft-submissions-cf7/assets/js/bccs-admin-scripts.js/wp-content/plugins/bcodecraft-submissions-cf7/assets/js/bccs-frontend-scripts.js
Script Paths
/wp-content/plugins/bcodecraft-submissions-cf7/assets/js/bccs-admin-scripts.js/wp-content/plugins/bcodecraft-submissions-cf7/assets/js/bccs-frontend-scripts.js
Version Parameters
bcodecraft-submissions-cf7/assets/css/bccs-admin-styles.css?ver=bcodecraft-submissions-cf7/assets/js/bccs-admin-scripts.js?ver=bcodecraft-submissions-cf7/assets/js/bccs-frontend-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
bccs-admin-notice
HTML Comments
<!-- BCodeCraft Submissions for Contact Form 7 --><!-- Plugin security and environment checks --><!-- Environment Compatibility Checks --><!-- Display admin notice for environment errors -->+1 more
JS Globals
BCCS_AJAX_URLBCCS_NONCEBCCS_PLUGIN_SLUG
FAQ

Frequently Asked Questions about BCodeCraft Submissions for Contact Form 7