WP-Safety

Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms Security & Risk Analysis

wordpress.org/plugins/cf7-constant-contact

Send Contact Form 7, WPForms, Elementor, Ninja Forms, Contact Forms Entries data and many other contact form submissions to Constant Contact.

800 active installs v1.2.0 PHP 5.3+ WP 3.8+ Updated Dec 26, 2025
contact-form-7-constant-contactelementor-forms-constant-contact-integrationninja-forms-constant-contactwpforms-constant-contact
96
A · Safe
CVEs total4
Unpatched0
Last CVEJul 30, 2025
Plugin page Download
Safety Verdict

Is Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms Safe to Use in 2026?

Generally Safe

Score 96/100

Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Jul 30, 2025Updated 3mo ago
Risk Assessment

The plugin "cf7-constant-contact" v1.2.0 exhibits a mixed security posture. On one hand, static analysis reveals a commendable lack of direct entry points like unprotected AJAX handlers, REST API routes, or shortcodes, suggesting a controlled attack surface. The high percentage of SQL queries using prepared statements and a good rate of output escaping are also positive indicators of secure coding practices. Nonce and capability checks are present, further reinforcing a security-conscious approach in the current version's code.

However, the presence of the `unserialize` function is a notable concern, as it can be a vector for Remote Code Execution (RCE) if not handled with extreme caution and input validation. While taint analysis did not reveal any unsanitized flows in this scan, the potential for issues with `unserialize` remains. The plugin's history of 4 known CVEs, all medium severity, involving XSS, CSRF, and Open Redirect vulnerabilities, is a significant red flag. Although there are currently no unpatched CVEs, this history indicates past weaknesses that could potentially resurface or be exploited in different ways.

In conclusion, while the current version of "cf7-constant-contact" demonstrates improved secure coding practices compared to its past, the lingering presence of a dangerous function like `unserialize` and the historical pattern of medium-severity vulnerabilities warrant careful consideration. The plugin has a history of common web vulnerabilities, suggesting that developers should remain vigilant and prioritize thorough security audits, especially when processing external data that might be unserialized.

Key Concerns

  • Dangerous function detected (unserialize)
  • Vulnerability history (4 medium CVEs)
  • Vulnerabilities include XSS, CSRF, Open Redirect
Vulnerabilities
4

Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms Security Vulnerabilities

CVEs by Year

1 CVE in 2021
2021
1 CVE in 2023
2023
1 CVE in 2024
2024
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
4

4 total CVEs

CVE-2025-54684medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Integration for Contact Form 7 and Constant Contact <= 1.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jul 30, 2025 Patched in 1.1.8 (6d)
CVE-2024-35632medium · 4.3Cross-Site Request Forgery (CSRF)

Integration for Contact Form 7 and Constant Contact <= 1.1.5 - Cross-Site Request Forgery

May 27, 2024 Patched in 1.1.6 (334d)
CVE-2023-47779medium · 4.7URL Redirection to Untrusted Site ('Open Redirect')

Integration for Contact Form 7 and Constant Contact <= 1.1.4 - Open Redirect

Nov 14, 2023 Patched in 1.1.5 (70d)
WF-cc1e9778-2860-4e3c-a2e4-28f10d585fed-cf7-constant-contactmedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CRM Perks - Various Plugins (Various Versions) - Reflected Cross-Site Scripting

Aug 26, 2021 Patched in 1.1.0 (880d)
Code Analysis
Analyzed Mar 16, 2026

Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms Code Analysis

Dangerous Functions
1
Raw SQL Queries
8
26 prepared
Unescaped Output
93
342 escaped
Nonce Checks
17
Capability Checks
26
File Operations
1
External Requests
2
Bundled Libraries
1

Dangerous Functions Found

unserialize$val=unserialize($val, array('allowed_classes' => false));cf7-constant-contact.php:347

Bundled Libraries

Select2

SQL Query Safety

76% prepared34 total queries

Output Escaping

79% escaped435 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
settings_page (includes\plugin-pages.php:1530)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 40
actionplugins_loadedcf7-constant-contact.php:58
actioncfx_form_submittedcf7-constant-contact.php:97
actionvxcf_entry_createdcf7-constant-contact.php:98
actionvx_contact_createdcf7-constant-contact.php:99
actionvx_callcenter_entry_createdcf7-constant-contact.php:100
filterwpcf7_before_send_mailcf7-constant-contact.php:102
actionfrm_after_create_entrycf7-constant-contact.php:104
actionninja_forms_after_submissioncf7-constant-contact.php:105
actionwpforms_process_entry_savecf7-constant-contact.php:106
actionelementor_pro/forms/new_recordcf7-constant-contact.php:108
actioninitcf7-constant-contact.php:112
actionvx_cf_add_meta_boxincludes\crmperks-cf.php:10
actioncfx_add_meta_boxincludes\plugin-pages.php:50
actioncfx_form_entry_updatedincludes\plugin-pages.php:51
actioncfx_form_post_note_addedincludes\plugin-pages.php:52
actioncfx_form_pre_note_deletedincludes\plugin-pages.php:53
actioncfx_form_pre_trash_leadsincludes\plugin-pages.php:54
actioncfx_form_pre_restore_leadsincludes\plugin-pages.php:55
filteradmin_menuincludes\plugin-pages.php:67
filtervx_cf_meta_boxes_rightincludes\plugin-pages.php:68
actionadmin_noticesincludes\plugin-pages.php:69
filterplugin_action_linksincludes\plugin-pages.php:70
actionvxcf_entry_submit_btnincludes\plugin-pages.php:71
actionvx_cf7_post_note_addedincludes\plugin-pages.php:73
actionvx_cf7_pre_note_deletedincludes\plugin-pages.php:74
actionvx_cf7_pre_trash_leadsincludes\plugin-pages.php:75
actionvx_cf7_pre_restore_leadsincludes\plugin-pages.php:76
actionvx_cf7_entry_updatedincludes\plugin-pages.php:77
actionvx_contact_post_note_addedincludes\plugin-pages.php:79
actionvx_contact_pre_note_deletedincludes\plugin-pages.php:80
actionvx_contact_pre_trash_leadsincludes\plugin-pages.php:81
actionvx_contact_pre_restore_leadsincludes\plugin-pages.php:82
actionvx_contact_entry_updatedincludes\plugin-pages.php:83
filtervx_callcenter_entries_actionincludes\plugin-pages.php:85
filtervx_callcenter_bulk_actionsincludes\plugin-pages.php:86
filteradmin_initincludes\plugin-pages.php:87
filterplugin_row_metawp\crmperks-notices.php:16
filteradmin_footer_textwp\crmperks-notices.php:24
actionadmin_noticeswp\crmperks-notices.php:26
filterplugins_apiwp\crmperks-notices.php:28
Maintenance & Trust

Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 26, 2025
PHP min version5.3
Downloads24K

Community Trust

Rating96/100
Number of ratings14
Active installs800
Alternatives

Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms Alternatives

No alternatives data available yet.

Developer Profile

Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms Developer Profile

CRM Perks

32 plugins · 105K total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
349 days
View full developer profile
Detection Fingerprints

How We Detect Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cf7-constant-contact/css/vxcf-admin-style.css/wp-content/plugins/cf7-constant-contact/css/vxcf-frontend-style.css/wp-content/plugins/cf7-constant-contact/js/vxcf-admin-script.js/wp-content/plugins/cf7-constant-contact/js/vxcf-frontend-script.js
Script Paths
/wp-content/plugins/cf7-constant-contact/js/vxcf-admin-script.js/wp-content/plugins/cf7-constant-contact/js/vxcf-frontend-script.js
Version Parameters
cf7-constant-contact/css/vxcf-admin-style.css?ver=cf7-constant-contact/css/vxcf-frontend-style.css?ver=cf7-constant-contact/js/vxcf-admin-script.js?ver=cf7-constant-contact/js/vxcf-frontend-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
vxcf-ccontact-admin-settingsvxcf-ccontact-admin-section
Data Attributes
data-crmperks-plugin-id
JS Globals
vxcf_ccontact_php_data
FAQ

Frequently Asked Questions about Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms