click5 CRM add-on to Contact Form 7 Security & Risk Analysis
wordpress.org/plugins/cf7-add-on-by-click5Seemingly integrate your Contact Form 7 forms with click5 CRM.
Is click5 CRM add-on to Contact Form 7 Safe to Use in 2026?
Generally Safe
Score 85/100click5 CRM add-on to Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The plugin "cf7-add-on-by-click5" v1.0.4 exhibits a significant security concern due to its entirely unprotected REST API entry points. With 9 REST API routes, all lacking permission callbacks, an attacker could potentially interact with these endpoints without any authentication or authorization checks. This creates a wide attack surface that could be exploited to manipulate plugin functionality or access sensitive data. While the plugin demonstrates good practices in other areas, such as using prepared statements for all SQL queries and having no recorded vulnerabilities, the unprotected REST API endpoints represent a critical weakness that needs immediate attention. The absence of taint analysis results and a lack of known CVEs are positive indicators, but they do not negate the risk posed by the exposed REST API.
Key Concerns
- 9 unprotected REST API routes
- 66% of outputs properly escaped (11% not)
- 0 nonce checks on AJAX handlers
- 1 capability check, but 9 REST API routes lack them
click5 CRM add-on to Contact Form 7 Security Vulnerabilities
click5 CRM add-on to Contact Form 7 Release Timeline
click5 CRM add-on to Contact Form 7 Code Analysis
Output Escaping
click5 CRM add-on to Contact Form 7 Attack Surface
REST API Routes 9
WordPress Hooks 9
Maintenance & Trust
click5 CRM add-on to Contact Form 7 Maintenance & Trust
Maintenance Signals
Community Trust
click5 CRM add-on to Contact Form 7 Alternatives
click5 CRM add-on to Ninja Forms
click5-crm-add-on-to-ninja-forms
Seemingly integrate your Ninja forms with click5 CRM.
click5 CRM add-on to Gravity Forms
gf-add-on-by-click5
Seemingly integrate your Gravity Forms forms with click5 CRM.
click5 CRM add-on to WPForms
wpf-add-on-by-click5
Seemingly integrate your WPForms forms with click5 CRM.
Flamingo
flamingo
A trustworthy message storage plugin for Contact Form 7.
HubSpot All-In-One Marketing – Forms, Popups, Live Chat
leadin
The CRM, Sales, and Marketing WordPress plugin to grow your business better. Capture and engage web visitors with free live chat, forms, CRM, email ma …
click5 CRM add-on to Contact Form 7 Developer Profile
8 plugins · 7K total installs
How We Detect click5 CRM add-on to Contact Form 7
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/cf7-add-on-by-click5/css/cf7-addon-by-click5.css/wp-content/plugins/cf7-add-on-by-click5/js/cf7-addon-by-click5.js/wp-content/plugins/cf7-add-on-by-click5/js/cf7-addon-by-click5.jscf7-add-on-by-click5/css/cf7-addon-by-click5.css?ver=cf7-add-on-by-click5/js/cf7-addon-by-click5.js?ver=HTML / DOM Fingerprints
click5_cf7_headingclick5_cf7_wrapper_content_settingscontent-leftclick5_cf7_addon_posting_urlcan-disabledisabledenable-perphpFormData+9 moredata-valueid="verification_token"id="user_identificator"id="click5_cf7_addon_posting_url"id="click5_cf7_addon_form_enable_name="click5_cf7_addon_form_enable_+2 moreCLICK5_CF7_VERSIONCLICK5_CF7_DEV_MODE