WP-Safety

click5 CRM add-on to Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/cf7-add-on-by-click5

Seemingly integrate your Contact Form 7 forms with click5 CRM.

0 active installs v1.0.4 PHP 7.0+ WP 5.3+ Updated Unknown
click5click5crmcrm
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is click5 CRM add-on to Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 100/100

click5 CRM add-on to Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The plugin "cf7-add-on-by-click5" v1.0.4 exhibits a significant security concern due to its entirely unprotected REST API entry points. With 9 REST API routes, all lacking permission callbacks, an attacker could potentially interact with these endpoints without any authentication or authorization checks. This creates a wide attack surface that could be exploited to manipulate plugin functionality or access sensitive data. While the plugin demonstrates good practices in other areas, such as using prepared statements for all SQL queries and having no recorded vulnerabilities, the unprotected REST API endpoints represent a critical weakness that needs immediate attention. The absence of taint analysis results and a lack of known CVEs are positive indicators, but they do not negate the risk posed by the exposed REST API.

Key Concerns

  • 9 unprotected REST API routes
  • 66% of outputs properly escaped (11% not)
  • 0 nonce checks on AJAX handlers
  • 1 capability check, but 9 REST API routes lack them
Vulnerabilities
None known

click5 CRM add-on to Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

click5 CRM add-on to Contact Form 7 Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
26
51 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

66% escaped77 total outputs
Attack Surface
9 unprotected

click5 CRM add-on to Contact Form 7 Attack Surface

Entry Points9
Unprotected9

REST API Routes 9

POST/wp-json/click5_cf7_addon/API/update_option_AJAXapi.php:362
POST/wp-json/click5_cf7_addon/API/edit_const_option_AJAXapi.php:368
POST/wp-json/click5_cf7_addon/API/reset_options_AJAXapi.php:374
GET/wp-json/click5_cf7_addon/API/get_constants_AJAXapi.php:379
POST/wp-json/click5_cf7_addon/API/get_pagination_logsapi.php:385
POST/wp-json/click5_cf7_addon/API/reset_count_errorsapi.php:390
GET/wp-json/click5_cf7_addon/API/get_notificationsapi.php:395
POST/wp-json/click5_cf7_addon/API/post_notificationsapi.php:400
POST/wp-json/click5_cf7_addon/API/post_remove_notificationapi.php:405
WordPress Hooks 9
actionrest_api_initapi.php:361
filterauto_update_plugincf7-addon-by-click5.php:28
actionadmin_menucf7-addon-by-click5.php:32
actionadmin_initcf7-addon-by-click5.php:41
filterplugin_row_metacf7-addon-by-click5.php:55
actionadmin_initcf7-addon-by-click5.php:65
actionadmin_noticescf7-addon-by-click5.php:68
actionclick5_cf7_default_optionscf7-addon-by-click5.php:101
actionadmin_enqueue_scriptscf7-addon-by-click5.php:416
Maintenance & Trust

click5 CRM add-on to Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8
Last updatedUnknown
PHP min version7.0
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

click5 CRM add-on to Contact Form 7 Alternatives

click5 CRM add-on to Gravity Forms

click5 CRM add-on to Gravity Forms

gf-add-on-by-click5

A
85

Seemingly integrate your Gravity Forms forms with click5 CRM.

0 No CVEs
Flamingo

Flamingo

flamingo

A
100

A trustworthy message storage plugin for Contact Form 7.

800K 1 CVE
HubSpot All-In-One Marketing – Forms, Popups, Live Chat

HubSpot All-In-One Marketing – Forms, Popups, Live Chat

leadin

A
98

The CRM, Sales, and Marketing WordPress plugin to grow your business better. Capture and engage web visitors with free live chat, forms, CRM, email ma …

200K 2 CVEs
FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution

FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution

fluent-crm

A
96

The easiest and fastest Email Marketing, Newsletter, Marketing Automation Plugin & CRM Solution for WordPress

70K 3 CVEs
LeadConnector

LeadConnector

leadconnector

A
99

LeadConnector: It helps you to add the LeadConnector chat widget and the LeadConnector funnel pages to your WordPress website.

30K 2 CVEs
Developer Profile

click5 CRM add-on to Contact Form 7 Developer Profile

click5

6 plugins · 7K total installs

69
trust score
Avg Security Score
85/100
Avg Patch Time
375 days
View full developer profile
Detection Fingerprints

How We Detect click5 CRM add-on to Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cf7-add-on-by-click5/css/cf7-addon-by-click5.css/wp-content/plugins/cf7-add-on-by-click5/js/cf7-addon-by-click5.js
Script Paths
/wp-content/plugins/cf7-add-on-by-click5/js/cf7-addon-by-click5.js
Version Parameters
cf7-add-on-by-click5/css/cf7-addon-by-click5.css?ver=cf7-add-on-by-click5/js/cf7-addon-by-click5.js?ver=

HTML / DOM Fingerprints

CSS Classes
click5_cf7_headingclick5_cf7_wrapper_content_settingscontent-leftclick5_cf7_addon_posting_urlcan-disabledisabledenable-perphpFormData+9 more
Data Attributes
data-valueid="verification_token"id="user_identificator"id="click5_cf7_addon_posting_url"id="click5_cf7_addon_form_enable_name="click5_cf7_addon_form_enable_+2 more
JS Globals
CLICK5_CF7_VERSIONCLICK5_CF7_DEV_MODE
FAQ

Frequently Asked Questions about click5 CRM add-on to Contact Form 7