SilentShield – Captcha & Anti-Spam for WordPress (CF7, WPForms, Elementor, WooCommerce) Security & Risk Analysis

wordpress.org/plugins/captcha-for-contact-form-7

SilentShield – the invisible shield against spam. Spam is the weed of the internet. It clogs your forms, steals your time, and corrupts your data.

10K active installs v2.3.5 PHP 7.4+ WP 5.2+ Updated Feb 20, 2026

captchacontact-form-7fluentformhoneypotspam-protection

A · Safe

CVEs total1

Unpatched0

Last CVEOct 3, 2023

Plugin page Download

Safety Verdict

Is SilentShield – Captcha & Anti-Spam for WordPress (CF7, WPForms, Elementor, WooCommerce) Safe to Use in 2026?

Generally Safe

Score 100/100

SilentShield – Captcha & Anti-Spam for WordPress (CF7, WPForms, Elementor, WooCommerce) has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Oct 3, 2023Updated 1mo ago

Risk Assessment

The plugin 'captcha-for-contact-form-7' v2.3.5 exhibits a generally good security posture, with several positive indicators. The attack surface is notably clean, with no AJAX handlers, REST API routes, or shortcodes found. The majority of SQL queries (95%) are prepared, and a high percentage of output (89%) is properly escaped, suggesting developers have taken care to prevent common web vulnerabilities. The plugin also incorporates nonce and capability checks, further bolstering its defenses.

However, some areas warrant attention. The presence of two flows with unsanitized paths in the taint analysis, although not resulting in critical or high severity issues, indicates a potential for indirect manipulation if these paths are used in file operations or other sensitive contexts. Furthermore, the plugin has a history of known vulnerabilities, including a medium-severity one, and a past common vulnerability type of 'Guessable CAPTCHA'. While the most recent vulnerability is patched, this history suggests that the plugin might be a target for attackers and requires ongoing vigilance.

In conclusion, while the current version shows good adherence to many security best practices and has a small attack surface, the past vulnerability history and the presence of unsanitized paths in taint flows are areas that require careful monitoring and potentially further investigation to ensure complete security. The plugin's strengths lie in its minimal entry points and good data handling practices, but its past suggests a need for continued security focus.

Key Concerns

Known medium severity CVE present
Flows with unsanitized paths (potential risk)
Limited capability checks (2)
File operations present (3)
External HTTP requests present (3)

Vulnerabilities

SilentShield – Captcha & Anti-Spam for WordPress (CF7, WPForms, Elementor, WooCommerce) Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2023-45009medium · 5.3Guessable CAPTCHA

Captcha/Honeypot for Contact Form 7 <= 1.11.3 - Captcha Bypass

Oct 3, 2023 Patched in 1.11.4 (112d)

Code Analysis

Analyzed Mar 16, 2026

SilentShield – Captcha & Anti-Spam for WordPress (CF7, WPForms, Elementor, WooCommerce) Code Analysis

Dangerous Functions

Raw SQL Queries

56 prepared

Unescaped Output

510 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

95% prepared59 total queries

Output Escaping

89% escaped575 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths

delete_timer (core\protection\time\TimerValidatorController.class.php:62)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

SilentShield – Captcha & Anti-Spam for WordPress (CF7, WPForms, Elementor, WooCommerce) Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 52

actionadmin_initcompatibility\cf7\Backend.class.php:25

actionwpcf7_initcompatibility\cf7\Backend.class.php:26

filterwpcf7_validate_f12_captchacompatibility\cf7\Backend.class.php:27

filterwpcf7_display_messagecompatibility\cf7\ControllerCF7.class.php:78

filterf12_cf7_captcha_wc_login_validatedcompatibility\ultimatemember\ControllerUltimateMember.class.php:80

filterf12_cf7_captcha_wc_registration_validatedcompatibility\ultimatemember\ControllerUltimateMember.class.php:81

filterf12_cf7_captcha_wc_login_validatedcompatibility\woocommerce-login\ControllerWoocommerceLogin.class.php:44

filterf12_cf7_captcha_wc_registration_validatedcompatibility\woocommerce-registration\ControllerWoocommerceRegistration.class.php:44

actionf12_cf7_captcha_compatibilities_loadedcore\BaseController.class.php:69

filterkses_allowed_protocolscore\bootstrap.php:18

filterwp_img_tag_add_loading_attrcore\bootstrap.php:28

filteravada_lazyload_exclude_imagescore\bootstrap.php:39

filterthe_contentcore\bootstrap.php:49

actionplugins_loadedcore\bootstrap.php:97

actionafter_setup_themecore\Compatibility.class.php:55

actionf12_cf7_captcha_ui_after_load_compatibilitiescore\Compatibility.class.php:58

actionweeklyIPClearcore\log\Log_Cleaner.class.php:44

actioninitcore\log\Log_WordPress.class.php:67

actioninitcore\log\Log_WordPress.class.php:75

actionadmin_menucore\log\Log_WordPress.class.php:83

filterparent_filecore\log\Log_WordPress.class.php:88

filterf12-cf7-captcha-log-datacore\protection\browser\Browser.php:93

actiondailyCaptchaClearcore\protection\captcha\CaptchaCleaner.class.php:29

actiondailyCaptchaClearcore\protection\captcha\CaptchaCleaner.class.php:30

actionf12_captcha_pool_fillcore\protection\captcha\CaptchaCleaner.class.php:33

filtercron_schedulescore\protection\captcha\CaptchaCleaner.class.php:41

actionweeklyIPClearcore\protection\ip\IPBanCleaner.class.php:29

actionweeklyIPClearcore\protection\ip\IPLogCleaner.class.php:21

filterf12-cf7-captcha-log-datacore\protection\javascript\Javascript_Validator.php:48

actionf12_cf7_captcha_compatibilities_loadedcore\protection\Protection.class.php:57

filterf12-cf7-captcha-ruleregex-exclusion-countercore\protection\rules\RuleRegex.class.php:37

actionadmin_enqueue_scriptscore\protection\rules\RulesAjax.class.php:33

filterwpcf7_display_messagecore\protection\rules\RulesHandler.class.php:58

actionrest_api_initcore\rest\RestController.class.php:43

filterrest_post_dispatchcore\rest\RestController.class.php:44

actionadmin_noticescore\review.php:2

actionadmin_initcore\review.php:3

actionwp_footercore\Support.class.php:25

actionf12_cf7_captcha_daily_telemetrycore\telemetry.php:163

actiondailyCaptchaTimerClearcore\timer\CaptchaTimerCleaner.class.php:27

actioninitcore\timer\Timer_Controller.class.php:40

actioninitf12-cf7-captcha.php:299

actioninitf12-cf7-captcha.php:304

filterf12-cf7-captcha_settings_loadedf12-cf7-captcha.php:310

actionadmin_enqueue_scriptsf12-cf7-captcha.php:324

actionwp_enqueue_scriptsf12-cf7-captcha.php:325

actionlogin_enqueue_scriptsf12-cf7-captcha.php:326

actionin_plugin_update_message-f12-cf7-captcha/f12-cf7-captcha.phpf12-cf7-captcha.php:330

actionadmin_enqueue_scriptsui\core\UI_Asset_Handler.php:43

actionadmin_enqueue_scriptsui\core\UI_Asset_Handler.php:46

actionadmin_menuui\core\UI_WordPress.php:29

actionadmin_headui\core\UI_WordPress.php:34

Scheduled Events 5

f12_cf7_captcha_daily_telemetry

weeklyIPClear

dailyCaptchaClear

dailyCaptchaTimerClear

f12_captcha_pool_fill

Maintenance & Trust

SilentShield – Captcha & Anti-Spam for WordPress (CF7, WPForms, Elementor, WooCommerce) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 20, 2026

PHP min version7.4

Downloads198K

Community Trust

Rating92/100

Number of ratings18

Active installs10K

Alternatives

SilentShield – Captcha & Anti-Spam for WordPress (CF7, WPForms, Elementor, WooCommerce) Alternatives

CF7 Apps – Honeypot, Database, Redirection, Webhook, and Addons for Contact Form 7

contact-form-7-honeypot

100

Addons for Contact Form 7 — Honeypot, Database Entries, Redirection, Spam Protection, Webhooks, ACF integration for Contact Form 7, and more.

300K No CVEs

Contact Form 7 Captcha

contact-form-7-simple-recaptcha

Protect your Contact Form 7 forms with Google reCAPTCHA V2, Google reCAPTCHA V3, hCAPTCHA, or Cloudflare Turnstile.

100K 2 CVEs

Contact Form 7 Text CAPTCHA

text-captcha-contact-form-7

Secure your website Contact Form 7 forms from bots and hackers using plugin Contact Form 7 Text CAPTCHA. Just place shortcode [captchacf7* input-captc …

2K No CVEs

$Math Captcha for Contact Form 7$

Math Captcha for Contact Form 7

math-captcha-for-contact-form-7

100

A powerful, lightweight, and smart Math Captcha solution to block spam from Contact Form 7, WP Login, WooCommerce, and Tutor LMS forms.

100 No CVEs

BotShield CAPTCHA for Contact Form 7

botshield-captcha

100

BotShield CAPTCHA for Contact Form 7 – Advanced Spam Protection with Turnstile, reCAPTCHA, Arithmetic, and Alphanumeric.

10 No CVEs

Developer Profile

SilentShield – Captcha & Anti-Spam for WordPress (CF7, WPForms, Elementor, WooCommerce) Developer Profile

Forge12 Interactive GmbH

6 plugins · 12K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

76 days

View full developer profile

Detection Fingerprints

How We Detect SilentShield – Captcha & Anti-Spam for WordPress (CF7, WPForms, Elementor, WooCommerce)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/captcha-for-contact-form-7/build/css/main.css/wp-content/plugins/captcha-for-contact-form-7/build/js/captcha-for-contact-form-7.js

Script Paths

/wp-content/plugins/captcha-for-contact-form-7/build/js/captcha-for-contact-form-7.js

Version Parameters

captcha-for-contact-form-7/build/css/main.css?ver=captcha-for-contact-form-7/build/js/captcha-for-contact-form-7.js?ver=

HTML / DOM Fingerprints

CSS Classes

f12-cf7-captcha-wrapperf12-cf7-captcha-input-wrapper

HTML Comments

Data Attributes

data-f12-cf7-captcha-site-keydata-f12-cf7-captcha-theme

JS Globals

f12_cf7_captcha_settings

REST Endpoints

/wp-json/f12-cf7-captcha/v1/captcha-config

Shortcode Output

[f12_cf7_captcha]

FAQ