WP-Safety

Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms Security & Risk Analysis

wordpress.org/plugins/cf7-active-campaign

Send Contact Form 7, WPForms, Elementor, Ninja Forms, CRM Perks Forms and many other contact form submissions to ActiveCampaign.

200 active installs v1.1.3 PHP 5.3+ WP 3.8+ Updated Dec 15, 2025
activecampaign-wpformscontact-form-7contact-form-7-activecampaignelementor-forms-activecampaignninja-forms-activecampaign-integration
100
A · Safe
CVEs total1
Unpatched0
Last CVEAug 26, 2021
Plugin page Download
Safety Verdict

Is Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms Safe to Use in 2026?

Generally Safe

Score 100/100

Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Aug 26, 2021Updated 3mo ago
Risk Assessment

The "cf7-active-campaign" plugin v1.1.3 demonstrates several positive security practices, including a complete absence of identified taint flows and no currently unpatched CVEs. The static analysis shows a significant number of capability checks and nonce checks, indicating an awareness of protecting sensitive operations. Furthermore, the majority of SQL queries utilize prepared statements, which is a crucial defense against SQL injection vulnerabilities. However, there are areas of concern that temper the overall security posture. The low percentage of properly escaped output (39%) is a significant weakness, suggesting a high potential for Cross-Site Scripting (XSS) vulnerabilities, especially given the plugin's history of XSS-related CVEs. While there are no active CVEs, the past medium-severity XSS vulnerability from 2021 highlights a recurring issue with input sanitization. The presence of file operations and external HTTP requests, though not inherently problematic, warrants careful scrutiny in conjunction with the output escaping issues.

In conclusion, while the plugin has foundational security elements in place and has addressed past vulnerabilities, the persistent concern around output escaping creates a notable risk. The high proportion of unescaped output directly correlates with the historical XSS vulnerability. The plugin developer should prioritize a comprehensive audit and remediation of all output contexts to ensure proper escaping. The lack of identified entry points and taint flows is a positive, but it does not entirely mitigate the risk posed by improper output handling.

Key Concerns

  • Low percentage of properly escaped output
  • Past medium severity XSS vulnerability
Vulnerabilities
1

Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms Security Vulnerabilities

CVEs by Year

1 CVE in 2021
2021
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

WF-cc1e9778-2860-4e3c-a2e4-28f10d585fed-cf7-active-campaignmedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CRM Perks - Various Plugins (Various Versions) - Reflected Cross-Site Scripting

Aug 26, 2021 Patched in 1.0.4 (880d)
Code Analysis
Analyzed Mar 16, 2026

Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms Code Analysis

Dangerous Functions
0
Raw SQL Queries
8
25 prepared
Unescaped Output
183
118 escaped
Nonce Checks
16
Capability Checks
21
File Operations
1
External Requests
2
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

76% prepared33 total queries

Output Escaping

39% escaped301 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
settings_page (includes\plugin-pages.php:1477)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 39
actionplugins_loadedcf7-active-campaign.php:63
actioncfx_form_submittedcf7-active-campaign.php:102
actionvxcf_entry_createdcf7-active-campaign.php:103
actionvx_contact_createdcf7-active-campaign.php:104
actionvx_callcenter_entry_createdcf7-active-campaign.php:105
filterwpcf7_before_send_mailcf7-active-campaign.php:107
actionfrm_after_create_entrycf7-active-campaign.php:109
actionninja_forms_after_submissioncf7-active-campaign.php:110
actionwpforms_process_entry_savecf7-active-campaign.php:111
actionelementor_pro/forms/new_recordcf7-active-campaign.php:113
actioninitcf7-active-campaign.php:117
actionvx_cf_add_meta_boxincludes\crmperks-cf.php:10
actioncfx_add_meta_boxincludes\plugin-pages.php:35
actioncfx_form_entry_updatedincludes\plugin-pages.php:36
actioncfx_form_post_note_addedincludes\plugin-pages.php:37
actioncfx_form_pre_note_deletedincludes\plugin-pages.php:38
actioncfx_form_pre_trash_leadsincludes\plugin-pages.php:39
actioncfx_form_pre_restore_leadsincludes\plugin-pages.php:40
filteradmin_menuincludes\plugin-pages.php:53
filtervx_cf_meta_boxes_rightincludes\plugin-pages.php:54
actionadmin_noticesincludes\plugin-pages.php:55
filterplugin_action_linksincludes\plugin-pages.php:56
actionvxcf_entry_submit_btnincludes\plugin-pages.php:57
actionvx_cf7_post_note_addedincludes\plugin-pages.php:59
actionvx_cf7_pre_note_deletedincludes\plugin-pages.php:60
actionvx_cf7_pre_trash_leadsincludes\plugin-pages.php:61
actionvx_cf7_pre_restore_leadsincludes\plugin-pages.php:62
actionvx_cf7_entry_updatedincludes\plugin-pages.php:63
actionvx_contact_post_note_addedincludes\plugin-pages.php:65
actionvx_contact_pre_note_deletedincludes\plugin-pages.php:66
actionvx_contact_pre_trash_leadsincludes\plugin-pages.php:67
actionvx_contact_pre_restore_leadsincludes\plugin-pages.php:68
actionvx_contact_entry_updatedincludes\plugin-pages.php:69
filtervx_callcenter_entries_actionincludes\plugin-pages.php:71
filtervx_callcenter_bulk_actionsincludes\plugin-pages.php:72
filterplugin_row_metawp\crmperks-notices.php:16
filteradmin_footer_textwp\crmperks-notices.php:24
actionadmin_noticeswp\crmperks-notices.php:26
filterplugins_apiwp\crmperks-notices.php:28
Maintenance & Trust

Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 15, 2025
PHP min version5.3
Downloads8K

Community Trust

Rating100/100
Number of ratings2
Active installs200
Alternatives

Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms Alternatives

Database Addon for Contact Form 7 – CFDB7

Database Addon for Contact Form 7 – CFDB7

contact-form-cfdb7

A
90

Save and manage Contact Form 7 messages. Never lose important data. It is a lightweight contact form 7 database plugin.

600K 7 CVEs
ReCaptcha v2 for Contact Form 7

ReCaptcha v2 for Contact Form 7

wpcf7-recaptcha

A
100

Adds reCaptcha v2 from Contact Form 7 5.0.5 that was dropped on Contact Form 7 5.1

200K No CVEs
Redirection for Contact Form 7

Redirection for Contact Form 7

wpcf7-redirect

A
88

Redirect to any page or URL, execute scripts after submission, save data to the database, and unlock additional submission actions for Contact Form 7.

200K 14 CVEs
Conditional Fields for Contact Form 7

Conditional Fields for Contact Form 7

cf7-conditional-fields

A
97

Adds conditional logic to Contact Form 7.

100K 4 CVEs
Contact Form 7 – Dynamic Text Extension

Contact Form 7 – Dynamic Text Extension

contact-form-7-dynamic-text-extension

B
74

Extends Contact Form 7 by adding dynamic form fields that accepts shortcodes to prepopulate form fields with default values and dynamic placeholders.

100K 1 unpatched
Developer Profile

Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms Developer Profile

CRM Perks

32 plugins · 105K total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
349 days
View full developer profile
Detection Fingerprints

How We Detect Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cf7-active-campaign/css/activecampaign-admin.css/wp-content/plugins/cf7-active-campaign/css/activecampaign-style.css/wp-content/plugins/cf7-active-campaign/js/activecampaign-admin.js/wp-content/plugins/cf7-active-campaign/js/activecampaign-script.js
Script Paths
/wp-content/plugins/cf7-active-campaign/js/activecampaign-admin.js/wp-content/plugins/cf7-active-campaign/js/activecampaign-script.js
Version Parameters
/wp-content/plugins/cf7-active-campaign/css/activecampaign-admin.css?ver=/wp-content/plugins/cf7-active-campaign/css/activecampaign-style.css?ver=/wp-content/plugins/cf7-active-campaign/js/activecampaign-admin.js?ver=/wp-content/plugins/cf7-active-campaign/js/activecampaign-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
vxcf-activecampaign-wrapvxcf-activecampaign-wrappervxcf-activecampaign-noticevxcf-activecampaign-fieldvxcf-activecampaign-inputvxcf-activecampaign-selectvxcf-activecampaign-textareavxcf-activecampaign-form+2 more
Data Attributes
data-crmperks-plugin='activecampaign'
JS Globals
vxcf_activecampaign_admin_objvxcf_activecampaign_script_obj
FAQ

Frequently Asked Questions about Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms