AntiSpam for Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/cf7-antispam

A trustworthy antispam plugin for Contact Form 7. Wave goodbye to spam and keep your inbox clean!

  • Active installs: 10K
  • Version: v0.7.4
  • Requires: PHP 7.4+, WP 6.2+
  • Updated: Jan 30, 2026
  • Tags: antispam, geoip, honeypot, security
  • Security score: 98 (A · Safe)
  • CVEs total: 2
  • Unpatched: 0
  • Last CVE: Jul 16, 2025
Safety Verdict

Is AntiSpam for Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 98/100

AntiSpam for Contact Form 7 has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jul 16, 2025 · Updated 2mo ago
Risk Assessment

The "cf7-antispam" plugin v0.7.4 presents a mixed security posture. On the positive side, the static analysis indicates a robust implementation of modern WordPress security practices, with a very high percentage of SQL queries using prepared statements and of outputs being escaped. The plugin also demonstrates good use of nonce and capability checks, and notably, no external HTTP requests or bundled libraries are present, which reduces the potential attack surface. The number of direct entry points (AJAX handlers, REST API routes, and shortcodes) is zero, which is excellent. The taint analysis, which found no critical or high severity flows along unsanitized paths, further reinforces this positive outlook.

However, a significant concern is the presence of the `unserialize` function, which is a known source of vulnerabilities (PHP object injection) if it is applied to data that is not strictly controlled and validated. While the static analysis does not highlight an immediate risk related to `unserialize` in this scan, its mere presence warrants caution. Furthermore, the vulnerability history reveals two past medium-severity CVEs, one Cross-Site Request Forgery (CSRF) and one Cross-Site Scripting (XSS) issue. That these were neither critical nor high severity, and that both have since been patched, is a positive sign, but their existence suggests that earlier versions had weaknesses in input sanitization or output encoding, which could still matter if `unserialize` is ever reached with attacker-influenced data.

In conclusion, while "cf7-antispam" v0.7.4 benefits from a minimal attack surface and strong adherence to prepared statements and output escaping, the potential risks associated with the `unserialize` function and the history of medium-severity CSRF and XSS vulnerabilities necessitate a degree of caution. The plugin appears to have addressed past vulnerabilities, but the `unserialize` function remains a latent risk that should be closely monitored and audited.

Key Concerns

  • Presence of the `unserialize` function
  • Two past medium-severity CVEs (CSRF, XSS)

Vulnerabilities (2)

AntiSpam for Contact Form 7 Security Vulnerabilities

CVEs by Year

  • 2024: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • Medium: 2
  • Total: 2 CVEs

CVE-2025-54020 · medium · CVSS 4.3 · Cross-Site Request Forgery (CSRF)

AntiSpam for Contact Form 7 <= 0.6.3 - Cross-Site Request Forgery

Disclosed Jul 16, 2025 · Patched in 0.6.4 (6 days)

CVE-2024-27961 · medium · CVSS 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

AntiSpam for Contact Form 7 <= 0.6.0 - Reflected Cross-Site Scripting

Disclosed Mar 13, 2024 · Patched in 0.6.1 (8 days)
Code Analysis
Analyzed Mar 16, 2026

AntiSpam for Contact Form 7 Code Analysis

  • Dangerous functions: 4
  • Raw SQL queries: 10 (80 prepared)
  • Unescaped output: 11 (333 escaped)
  • Nonce checks: 18
  • Capability checks: 3
  • File operations: 1
  • External requests: 0
  • Bundled libraries: 0

Dangerous Functions Found

  • unserialize · admin\CF7_AntiSpam_Admin_Display.php:396
    $decoded_meta = unserialize( $row->meta ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.serialize_unserialize
  • unserialize · admin\CF7_AntiSpam_Admin_Display.php:810
    $meta = unserialize( $row->meta );
  • unserialize · admin\CF7_AntiSpam_Admin_Tools.php:41
    $meta = unserialize( $row->meta );
  • unserialize · core\CF7_Antispam_Blocklist.php:68
    $meta = ! empty( $ip_row->meta ) ? unserialize( $ip_row->meta ) : array();

SQL Query Safety

89% prepared · 90 total queries

Output Escaping

97% escaped · 344 total outputs
Attack Surface

AntiSpam for Contact Form 7 Attack Surface

  • Entry points: 0
  • Unprotected: 0
  • WordPress hooks: 60

WordPress Hooks (type · hook · file:line)

  • action · admin_init · admin\CF7_AntiSpam_Admin_Customizations.php:64
  • filter · wp_check_filetype_and_ext · admin\CF7_AntiSpam_Admin_Customizations.php:1124
  • action · wpmu_new_blog · cf7-antispam.php:93
  • filter · wpmu_drop_tables · cf7-antispam.php:108
  • action · wpcf7_init · cf7-antispam.php:137
  • action · init · cf7-antispam.php:146
  • action · plugins_loaded · core\CF7_AntiSpam.php:154
  • filter · wpcf7_spam · core\CF7_AntiSpam.php:170
  • action · cf7a_cron · core\CF7_AntiSpam.php:174
  • action · wpcf7_after_flamingo · core\CF7_AntiSpam.php:181
  • action · wpcf7_after_flamingo · core\CF7_AntiSpam.php:184
  • action · cf7a_geoip_update_db · core\CF7_AntiSpam.php:191
  • filter · cf7_smtp_report_mailbody · core\CF7_AntiSpam.php:196
  • action · admin_init · core\CF7_AntiSpam.php:216
  • action · admin_menu · core\CF7_AntiSpam.php:222
  • filter · admin_body_class · core\CF7_AntiSpam.php:225
  • action · admin_enqueue_scripts · core\CF7_AntiSpam.php:228
  • action · admin_enqueue_scripts · core\CF7_AntiSpam.php:229
  • action · admin_notices · core\CF7_AntiSpam.php:235
  • action · load-flamingo_page_flamingo_inbound · core\CF7_AntiSpam.php:241
  • action · wp_dashboard_setup · core\CF7_AntiSpam.php:243
  • filter · manage_flamingo_inbound_posts_columns · core\CF7_AntiSpam.php:246
  • action · manage_flamingo_inbound_posts_custom_column · core\CF7_AntiSpam.php:247
  • action · manage_flamingo_inbound_posts_custom_column · core\CF7_AntiSpam.php:248
  • action · admin_notices · core\CF7_AntiSpam.php:283
  • filter · wpcf7_posted_data · core\CF7_AntiSpam_Cache_Compatibility.php:62
  • filter · cf7a_spam_check_chain · core\CF7_AntiSpam_Filters.php:28
  • filter · cf7a_spam_check_chain · core\CF7_AntiSpam_Filters.php:31
  • filter · cf7a_spam_check_chain · core\CF7_AntiSpam_Filters.php:32
  • filter · cf7a_spam_check_chain · core\CF7_AntiSpam_Filters.php:33
  • filter · cf7a_spam_check_chain · core\CF7_AntiSpam_Filters.php:34
  • filter · cf7a_spam_check_chain · core\CF7_AntiSpam_Filters.php:37
  • filter · cf7a_spam_check_chain · core\CF7_AntiSpam_Filters.php:38
  • filter · cf7a_spam_check_chain · core\CF7_AntiSpam_Filters.php:39
  • filter · cf7a_spam_check_chain · core\CF7_AntiSpam_Filters.php:40
  • filter · cf7a_spam_check_chain · core\CF7_AntiSpam_Filters.php:41
  • filter · cf7a_spam_check_chain · core\CF7_AntiSpam_Filters.php:42
  • filter · cf7a_spam_check_chain · core\CF7_AntiSpam_Filters.php:43
  • filter · cf7a_spam_check_chain · core\CF7_AntiSpam_Filters.php:44
  • filter · cf7a_spam_check_chain · core\CF7_AntiSpam_Filters.php:45
  • filter · cf7a_spam_check_chain · core\CF7_AntiSpam_Filters.php:46
  • filter · cf7a_spam_check_chain · core\CF7_AntiSpam_Filters.php:47
  • filter · cf7a_spam_check_chain · core\CF7_AntiSpam_Filters.php:48
  • filter · cf7a_spam_check_chain · core\CF7_AntiSpam_Filters.php:51
  • action · wp_enqueue_scripts · core\CF7_AntiSpam_Frontend.php:82
  • filter · wpcf7_form_hidden_fields · core\CF7_AntiSpam_Frontend.php:98
  • filter · wpcf7_config_validator_available_error_codes · core\CF7_AntiSpam_Frontend.php:99
  • filter · wpcf7_form_hidden_fields · core\CF7_AntiSpam_Frontend.php:103
  • filter · wpcf7_form_hidden_fields · core\CF7_AntiSpam_Frontend.php:108
  • filter · wpcf7_form_hidden_fields · core\CF7_AntiSpam_Frontend.php:113
  • filter · wpcf7_form_elements · core\CF7_AntiSpam_Frontend.php:118
  • filter · the_content · core\CF7_AntiSpam_Frontend.php:123
  • filter · wp_headers · core\CF7_AntiSpam_Frontend.php:133
  • action · wpcf7_before_send_mail · core\CF7_AntiSpam_Frontend.php:138
  • action · wp_footer · core\CF7_AntiSpam_Frontend.php:145
  • filter · xmlrpc_enabled · core\CF7_AntiSpam_Frontend.php:463
  • filter · rest_endpoints · core\CF7_AntiSpam_Frontend.php:471
  • action · rest_api_init · core\CF7_AntiSpam_Public_Rest_Api.php:50
  • action · rest_api_init · core\CF7_AntiSpam_Rest_Api.php:56
  • filter · cron_schedules · core\functions.php:200

Scheduled Events (1)

  • cf7a_geoip_update_db
Maintenance & Trust

AntiSpam for Contact Form 7 Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Jan 30, 2026
  • PHP min version: 7.4
  • Downloads: 81K

Community Trust

  • Rating: 84/100
  • Number of ratings: 12
  • Active installs: 10K
Developer Profile

AntiSpam for Contact Form 7 Developer Profile

Erik

6 plugins · 11K total installs

  • Trust score: 93
  • Avg security score: 90/100
  • Avg patch time: 7 days
Detection Fingerprints

How We Detect AntiSpam for Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/cf7-antispam/assets/css/admin.css
  • /wp-content/plugins/cf7-antispam/assets/css/cf7-antispam.css
  • /wp-content/plugins/cf7-antispam/assets/js/admin.js
  • /wp-content/plugins/cf7-antispam/assets/js/cf7-antispam.js

Script Paths

  • /wp-content/plugins/cf7-antispam/assets/js/admin.js
  • /wp-content/plugins/cf7-antispam/assets/js/cf7-antispam.js

Version Parameters

  • /wp-content/plugins/cf7-antispam/assets/css/admin.css?ver=
  • /wp-content/plugins/cf7-antispam/assets/css/cf7-antispam.css?ver=
  • /wp-content/plugins/cf7-antispam/assets/js/admin.js?ver=
  • /wp-content/plugins/cf7-antispam/assets/js/cf7-antispam.js?ver=

HTML / DOM Fingerprints

  • CSS classes: fit-the-fullspace
  • Data attributes: data-cf7a-nonce
  • JS globals: cf7AntispamParams
FAQ

Frequently Asked Questions about AntiSpam for Contact Form 7