Does Bootstrap for Contact Form 7 have any unpatched vulnerabilities?

No. All known vulnerabilities in Bootstrap for Contact Form 7 have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Bootstrap for Contact Form 7 compatible with WordPress 4.9.29?

According to WordPress.org data, Bootstrap for Contact Form 7 1.4.8 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is Bootstrap for Contact Form 7 updated?

Bootstrap for Contact Form 7 was last updated on May 24, 2018. Frequent updates are generally a positive security signal.

What is Bootstrap for Contact Form 7's security score?

Bootstrap for Contact Form 7 has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Bootstrap for Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/bootstrap-for-contact-form-7

This plugin modifies the output of the popular Contact Form 7 plugin to be styled in compliance with themes using the Bootstrap CSS framework.

10K active installs v1.4.8 PHP + WP 3.6+ Updated May 24, 2018

bootstrapbootstrap-3bootstrap-frameworkcontact-form-7wpcf7

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Bootstrap for Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 85/100

Bootstrap for Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The static analysis of bootstrap-for-contact-form-7 v1.4.8 reveals a generally strong security posture. The plugin reports no dangerous functions, no direct SQL queries (all use prepared statements), and a high percentage of properly escaped output. Furthermore, there are no file operations or external HTTP requests, and importantly, no identified vulnerabilities in its history, indicating a commitment to secure development or a history of prompt patching. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the plugin's attack surface. However, the complete lack of nonce checks and only one capability check across all analyzed code signals suggests a potential weakness. While the total entry points are zero, implying no directly accessible functions without some form of WordPress core interaction, the absence of explicit checks in these areas could be a concern if any underlying WordPress functionality were to expose them unexpectedly. The taint analysis also shows no flows, which is positive, but the limited scope of analysis (0 flows analyzed) might mean this is not a comprehensive assessment of taint vulnerabilities.

Key Concerns

No nonce checks
Only one capability check
Limited taint analysis scope

Vulnerabilities

None known

Bootstrap for Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Bootstrap for Contact Form 7 Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

101 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

89% escaped114 total outputs

Attack Surface

Bootstrap for Contact Form 7 Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 28

actionadmin_noticesbootstrap-for-contact-form-7.php:65

actionplugins_loadedbootstrap-for-contact-form-7.php:68

actionwpcf7_enqueue_scriptsmodifications.php:92

actionwpcf7_enqueue_stylesmodifications.php:102

actionwp_headmodifications.php:193

filterwpcf7_form_class_attrmodifications.php:205

filterwpcf7_form_novalidatemodifications.php:213

filterwpcf7_form_response_outputmodifications.php:238

filterwpcf7_validation_errormodifications.php:250

filterwpcf7_ajax_json_echomodifications.php:260

filterwpcf7_default_templatemodifications.php:268

filterwpcf7_editor_panelsmodifications.php:337

filterwpcf7_ajax_json_echomodifications.php:356

actionwpcf7_initmodules\acceptance.php:10

actionwpcf7_initmodules\checkbox.php:10

actionwpcf7_initmodules\count.php:10

actionwpcf7_initmodules\date.php:10

actionwpcf7_initmodules\file.php:10

actionwpcf7_initmodules\number.php:10

actionwpcf7_initmodules\quiz.php:10

actionwpcf7_initmodules\really-simple-captcha.php:10

filterwpcf7_ajax_onloadmodules\really-simple-captcha.php:170

filterwpcf7_ajax_json_echomodules\really-simple-captcha.php:171

actionwpcf7_initmodules\recaptcha.php:11

actionwpcf7_initmodules\select.php:10

actionwpcf7_initmodules\submit.php:10

actionwpcf7_initmodules\text.php:10

actionwpcf7_initmodules\textarea.php:10

Maintenance & Trust

Bootstrap for Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedMay 24, 2018

PHP min version

Downloads316K

Community Trust

Rating96/100

Number of ratings26

Active installs10K

Alternatives

Bootstrap for Contact Form 7 Alternatives

Database Addon for Contact Form 7 – CFDB7

contact-form-cfdb7

Save and manage Contact Form 7 messages. Never lose important data. It is a lightweight contact form 7 database plugin.

600K 7 CVEs

Contact Form 7: Accessible Defaults

contact-form-7-accessible-defaults

100

Replaces the default Contact Form 7 form with an accessible equivalent and provides a suite of selectable base forms.

5K No CVEs

Date Picker For Contact Form 7

date-picker-for-contact-form-7

100

Easily add a customizable Date Picker to Contact Form 7. Restrict dates, disable specific days, and improve your booking forms.

4K No CVEs

Twitter's Bootstrap Shortcodes Ultimate Add-on

twitters-bootstrap-shortcodes-ultimate

Add short codes for Twitter's Bootstrap 3 CSS and components to your site add-on for Shortcodes Ultimate.

300 No CVEs

Live Drag and Drop Builder for Contact Form 7

drag-and-drop-form-builder-for-contact-form-7

Use a nice Drag and Drop Form Builder when you Create forms with Contact Form 7.

80 No CVEs

Developer Profile

Bootstrap for Contact Form 7 Developer Profile

Felix Arntz

12 plugins · 18K total installs

trust score

Avg Security Score

95/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Bootstrap for Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/bootstrap-for-contact-form-7/css/cf7bs-add-ons.css/wp-content/plugins/bootstrap-for-contact-form-7/css/cf7bs-bootstrap-admin.css/wp-content/plugins/bootstrap-for-contact-form-7/css/cf7bs-input-groups.css/wp-content/plugins/bootstrap-for-contact-form-7/css/cf7bs-layouts.css/wp-content/plugins/bootstrap-for-contact-form-7/css/cf7bs-main.css/wp-content/plugins/bootstrap-for-contact-form-7/js/cf7bs-add-ons.js/wp-content/plugins/bootstrap-for-contact-form-7/js/cf7bs-bootstrap-admin.js/wp-content/plugins/bootstrap-for-contact-form-7/js/cf7bs-main.js

HTML / DOM Fingerprints

CSS Classes

cf7bs-input-groupcf7bs-componentcf7bs-layoutcf7bs-form-fieldcf7bs-group-layoutcf7bs-group-typecf7bs-labelcf7bs-grid+2 more

HTML Comments

Data Attributes

data-cf7bs-form-layoutdata-cf7bs-sizedata-cf7bs-group-layoutdata-cf7bs-group-typedata-cf7bs-grid-columnsdata-cf7bs-label-width+4 more

JS Globals

cf7bs_form_options

FAQ