Does BotShield CAPTCHA for Contact Form 7 have any unpatched vulnerabilities?

No. All known vulnerabilities in BotShield CAPTCHA for Contact Form 7 have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is BotShield CAPTCHA for Contact Form 7 compatible with WordPress 6.9.4?

According to WordPress.org data, BotShield CAPTCHA for Contact Form 7 2.0.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is BotShield CAPTCHA for Contact Form 7 compatible with PHP 7.4+?

BotShield CAPTCHA for Contact Form 7 requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is BotShield CAPTCHA for Contact Form 7 updated?

BotShield CAPTCHA for Contact Form 7 was last updated on Jan 19, 2026. Frequent updates are generally a positive security signal.

What is BotShield CAPTCHA for Contact Form 7's security score?

BotShield CAPTCHA for Contact Form 7 has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

BotShield CAPTCHA for Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/botshield-captcha

BotShield CAPTCHA for Contact Form 7 – Advanced Spam Protection with Turnstile, reCAPTCHA, Arithmetic, and Alphanumeric.

10 active installs v2.0.0 PHP 7.4+ WP 5.0+ Updated Jan 19, 2026

captchacontact-form-7recaptchaspam-protectionturnstile

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is BotShield CAPTCHA for Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 100/100

BotShield CAPTCHA for Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The botshield-captcha plugin v2.0.0 exhibits a strong security posture based on the provided static analysis and vulnerability history. All identified entry points, including AJAX handlers, are protected with nonce and capability checks, which is a significant strength. The code also demonstrates good practices by exclusively using prepared statements for SQL queries and having a very high rate of properly escaped output, minimizing the risk of common web vulnerabilities like SQL injection and cross-site scripting. The absence of critical or high-severity taint flows and a clean vulnerability history further contribute to its positive security assessment.

While the overall security is robust, the plugin makes two external HTTP requests. Without further analysis of these requests, it's impossible to definitively assess their security implications. However, any external communication introduces a potential risk if the target service is compromised or if data is transmitted insecurely. The plugin also has a moderate attack surface with 5 AJAX handlers, though all are secured. This indicates a well-implemented plugin that prioritizes security by design.

Key Concerns

External HTTP requests made by plugin

Vulnerabilities

None known

BotShield CAPTCHA for Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

BotShield CAPTCHA for Contact Form 7 Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

84 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

98% escaped86 total outputs

Attack Surface

BotShield CAPTCHA for Contact Form 7 Attack Surface

Entry Points5

Unprotected0

AJAX Handlers 5

authwp_ajax_botshield_captcha_refreshbotshield-captcha.php:119

noprivwp_ajax_botshield_captcha_refreshbotshield-captcha.php:120

authwp_ajax_botshield_captcha_imagebotshield-captcha.php:121

noprivwp_ajax_botshield_captcha_imagebotshield-captcha.php:122

authwp_ajax_botshield_dismiss_review_noticeincludes\class-botshield-review-notice.php:34

WordPress Hooks 15

actionplugins_loadedbotshield-captcha.php:59

actionadmin_noticesbotshield-captcha.php:70

actionwp_enqueue_scriptsbotshield-captcha.php:118

actionadmin_menuincludes\class-botshield-captcha-admin.php:16

actionadmin_initincludes\class-botshield-captcha-admin.php:17

actionadmin_enqueue_scriptsincludes\class-botshield-captcha-admin.php:18

filterplugin_row_metaincludes\class-botshield-captcha-admin.php:20

actionupdate_option_botshield_captcha_default_typeincludes\class-botshield-captcha-admin.php:23

actionwpcf7_initincludes\class-botshield-captcha-field.php:10

filterwpcf7_form_tag_data_optionincludes\class-botshield-captcha-field.php:11

actionwpcf7_admin_initincludes\class-botshield-captcha-field.php:12

filterwpcf7_validate_captchaincludes\class-botshield-captcha-validation.php:15

filterwpcf7_validate_captcha*includes\class-botshield-captcha-validation.php:16

actionadmin_noticesincludes\class-botshield-review-notice.php:32

actionwpcf7_mail_sentincludes\class-botshield-review-notice.php:33

Maintenance & Trust

BotShield CAPTCHA for Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 19, 2026

PHP min version7.4

Downloads286

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

BotShield CAPTCHA for Contact Form 7 Alternatives

CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress

advanced-nocaptcha-recaptcha

Use CAPTCHA to stop spam and allow customers & users to interact with your website easily. Block fake accounts and orders. Avoid false positives.

100K 1 CVE

Contact Form 7 Captcha

contact-form-7-simple-recaptcha

Protect your Contact Form 7 forms with Google reCAPTCHA V2, Google reCAPTCHA V3, hCAPTCHA, or Cloudflare Turnstile.

100K 2 CVEs

Contact Form 7 Text CAPTCHA

text-captcha-contact-form-7

Secure your website Contact Form 7 forms from bots and hackers using plugin Contact Form 7 Text CAPTCHA. Just place shortcode [captchacf7* input-captc …

2K No CVEs

Text Captcha For Contact Form 7 [GWE]

text-captcha-for-contact-form-7

Adds a text captcha to Contact Form 7

10 No CVEs

ReCaptcha v2 for Contact Form 7

wpcf7-recaptcha

100

Adds reCaptcha v2 from Contact Form 7 5.0.5 that was dropped on Contact Form 7 5.1

200K No CVEs

Developer Profile

BotShield CAPTCHA for Contact Form 7 Developer Profile

R.Sabbir

3 plugins · 10 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect BotShield CAPTCHA for Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/botshield-captcha/assets/js/botshield-captcha.js/wp-content/plugins/botshield-captcha/assets/css/botshield-captcha.css

Script Paths

/wp-content/plugins/botshield-captcha/assets/js/botshield-captcha.js

Version Parameters

botshield-captcha/assets/js/botshield-captcha.js?ver=botshield-captcha/assets/css/botshield-captcha.css?ver=

HTML / DOM Fingerprints

CSS Classes

botshield-captcha-wrapbotshield-captcha-innerbotshield-captcha-fieldbotshield-captcha-refreshbotshield-captcha-loadingbotshield-captcha-error

Data Attributes

data-botshield-captcha-iddata-captcha-typedata-difficulty

JS Globals

botshield_captcha_obj

REST Endpoints

/wp-json/botshield-captcha/v1/refresh/wp-json/botshield-captcha/v1/image

FAQ