[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fNePnx580dXYWfpm-ptNJX5A7ahIaY77URQxdpizWOJA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":13,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":90,"crawl_stats":36,"alternatives":97,"analysis":98,"fingerprints":552},"cf7-constant-contact","Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms","1.2.0","CRM Perks","https:\u002F\u002Fprofiles.wordpress.org\u002Fcrmperks\u002F","\u003Cp>Contact Form 7 Constant Contact Plugin sends form submissions from \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-7\u002F\" rel=\"ugc\">Contact Form 7\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpforms-lite\u002F\" rel=\"ugc\">WPforms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Felementor\u002F\" rel=\"ugc\">Elementor Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fninja-forms\u002F\" rel=\"ugc\">Ninja Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fformidable\u002F\" rel=\"ugc\">Formidable Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-entries\u002F\" rel=\"ugc\">Contact Form Entries\u003C\u002Fa> and many other popular contact form plugins data to Constant Contact when someone submit a contact form on your site. Learn more at \u003Ca href=\"https:\u002F\u002Fwww.crmperks.com\u002Fplugins\u002Fcontact-form-plugins\u002Fcontact-form-constant-contact-plugin\u002F?utm_source=wordpress&utm_medium=directory&utm_campaign=constant-contact_readme\" rel=\"nofollow ugc\">crmperks.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>How to Setup Contact Form 7 Constant Contact\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Go to “Constant Contact Accounts” tab then add new account.\u003C\u002Fli>\n\u003Cli>Go to “Constant Contact Feeds” tab then create a new feed.\u003C\u002Fli>\n\u003Cli>Map required Constant Contact fields to Contact Form 7 fields.\u003C\u002Fli>\n\u003Cli>Send your test entry to Constant Contact by clicking “send to Constant Contact” button.\u003C\u002Fli>\n\u003Cli>Go to “Constant Contact Logs” tab and verify status of previously sent entry.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Connect Constant Contact account\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Connect any contact form 7 to Constant Contact account by simply entering Constant Contact access token. Additionally, you can connect multiple constant contact accounts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Map Constant Contact fields\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Select any Constant Contact list then Map Constant Contact list fields to any contact form 7 fields. Plugin displays  all Constant Contact fields.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Filter contact form 7  submissions\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Filter contact form 7 submissions sent to Constant Contact based on user input. For example , send those customers to Constant Contact who check “Subscribe” checkbox.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manually send to Constant Contact\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Send contact form 7 submissions to Constant Contact when someone submits a contact form. You can manually send contact form 7 entries to Constant Contact.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Constant Contact logs\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>View a detailed log of each contact form 7 submission Whether sent or not sent to Constant Contact and easily resend contact form 7 submission to Constant Contact.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Send Data As Constant Contact object Notes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Send one to many contact form 7 form fields as Constant Contact member notes when someone submits a contact form on your site.\u003C\u002Fp>\n\u003Ch3>Why we built this plugin\u003C\u002Fh3>\n\u003Cp>Contact Form 7 and some other popular contact forms are good but you can not send contact form submissions to other systems including Constant Contact. You can send to any contact form(contact form 7) submissions to Constant Contact with this free plugin.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Premium Version Features.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Following features are available only in premium version \u003Ca href=\"https:\u002F\u002Fwww.crmperks.com\u002Fplugins\u002Fcontact-form-plugins\u002Fcontact-form-constant-contact-plugin\u002F?utm_source=wordpress&utm_medium=directory&utm_campaign=constant-contact_readme\" rel=\"nofollow ugc\">Contact Form Constant Contact\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>All Constant Contact fields.\u003C\u002Fli>\n\u003Cli>Google Analytics Parameters and Geolocation of a visitor who submitted the form.\u003C\u002Fli>\n\u003Cli>Lookup lead’s email and phone using email and phone lookup apis. We support all good email lookup apis.\u003C\u002Fli>\n\u003Cli>20+ premium addons\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fblockquote>\n\u003Ch3>Want to send data to crm\u003C\u002Fh3>\n\u003Cp>We have Premium Extensions for 20+ CRMs.\u003Ca href=\"https:\u002F\u002Fwww.crmperks.com\u002Fplugin-category\u002Fcontact-form-plugins\u002F?utm_source=wordpress&utm_medium=directory&utm_campaign=constant_contact_readme\" rel=\"nofollow ugc\">View All CRM Extensions\u003C\u002Fa>\u003C\u002Fp>\n","Send Contact Form 7, WPForms, Elementor, Ninja Forms, Contact Forms Entries data and many other contact form submissions to Constant Contact.",800,24296,96,14,"2025-12-26T16:56:00.000Z","6.9.4","3.8","5.3",[20,21,22,23],"contact-form-7-constant-contact","elementor-forms-constant-contact-integration","ninja-forms-constant-contact","wpforms-constant-contact","https:\u002F\u002Fwww.crmperks.com\u002Fplugins\u002Fcontact-form-plugins\u002Fcontact-form-constant-contact-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcf7-constant-contact.1.2.0.zip",4,0,"2025-07-30 00:00:00","2026-03-15T15:16:48.613Z",[31,47,62,77],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2025-54684","integration-for-contact-form-7-and-constant-contact-authenticated-administrator-stored-cross-site-scripting","Integration for Contact Form 7 and Constant Contact \u003C= 1.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Integration for Contact Form 7 and Constant Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=1.1.7","1.1.8","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-08-04 21:10:49",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2e3358a9-3e73-4ee5-9426-8d8fc01739fe?source=api-prod",6,{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":36,"affected_versions":52,"patched_in_version":53,"severity":39,"cvss_score":54,"cvss_vector":55,"vuln_type":56,"published_date":57,"updated_date":58,"references":59,"days_to_patch":61},"CVE-2024-35632","integration-for-contact-form-7-and-constant-contact-cross-site-request-forgery","Integration for Contact Form 7 and Constant Contact \u003C= 1.1.5 - Cross-Site Request Forgery","The Integration for Contact Form 7 and Constant Contact plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=1.1.5","1.1.6",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-05-27 00:00:00","2025-04-25 14:50:55",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F712b0976-09a5-41d6-8f96-79006a8d41ba?source=api-prod",334,{"id":63,"url_slug":64,"title":65,"description":66,"plugin_slug":4,"theme_slug":36,"affected_versions":67,"patched_in_version":68,"severity":39,"cvss_score":69,"cvss_vector":70,"vuln_type":71,"published_date":72,"updated_date":73,"references":74,"days_to_patch":76},"CVE-2023-47779","integration-for-contact-form-7-and-constant-contact-open-redirect","Integration for Contact Form 7 and Constant Contact \u003C= 1.1.4 - Open Redirect","The Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.1.4. This is due to insufficient validation a redirect url. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.","\u003C=1.1.4","1.1.5",4.7,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:N\u002FI:L\u002FA:N","URL Redirection to Untrusted Site ('Open Redirect')","2023-11-14 00:00:00","2024-01-22 19:56:02",[75],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5c8404d2-7b37-40df-b756-328f827f273d?source=api-prod",70,{"id":78,"url_slug":79,"title":80,"description":81,"plugin_slug":4,"theme_slug":36,"affected_versions":82,"patched_in_version":83,"severity":39,"cvss_score":84,"cvss_vector":85,"vuln_type":42,"published_date":86,"updated_date":73,"references":87,"days_to_patch":89},"WF-cc1e9778-2860-4e3c-a2e4-28f10d585fed-cf7-constant-contact","crm-perks-various-plugins-various-versions-reflected-cross-site-scripting-26","CRM Perks - Various Plugins (Various Versions) - Reflected Cross-Site Scripting","Multiple CRM Perks plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the 'vx_debug' parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=1.0.9","1.1.0",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2021-08-26 00:00:00",[88],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fcc1e9778-2860-4e3c-a2e4-28f10d585fed?source=api-prod",880,{"slug":91,"display_name":7,"profile_url":8,"plugin_count":92,"total_installs":93,"avg_security_score":13,"avg_patch_time_days":94,"trust_score":95,"computed_at":96},"crmperks",32,104540,349,76,"2026-04-03T20:00:24.329Z",[],{"attackSurface":99,"codeSignals":266,"taintFlows":478,"riskAssessment":541,"analyzedAt":551},{"hooks":100,"ajaxHandlers":262,"restRoutes":263,"shortcodes":264,"cronEvents":265,"entryPointCount":27,"unprotectedCount":27},[101,107,112,116,120,124,129,133,137,141,145,148,152,157,161,165,169,173,177,181,184,187,189,193,197,201,205,208,212,216,220,224,228,232,236,240,244,249,254,257],{"type":102,"name":103,"callback":104,"file":105,"line":106},"action","plugins_loaded","setup_main","cf7-constant-contact.php",58,{"type":102,"name":108,"callback":109,"priority":110,"file":105,"line":111},"cfx_form_submitted","entry_created_crmperks",10,97,{"type":102,"name":113,"callback":114,"priority":110,"file":105,"line":115},"vxcf_entry_created","entry_created",98,{"type":102,"name":117,"callback":118,"priority":110,"file":105,"line":119},"vx_contact_created","entry_created_contacts",99,{"type":102,"name":121,"callback":122,"priority":110,"file":105,"line":123},"vx_callcenter_entry_created","entry_created_callcenter",100,{"type":125,"name":126,"callback":127,"priority":119,"file":105,"line":128},"filter","wpcf7_before_send_mail","create_entry_cf",102,{"type":102,"name":130,"callback":131,"priority":119,"file":105,"line":132},"frm_after_create_entry","create_entry_fd",104,{"type":102,"name":134,"callback":135,"priority":119,"file":105,"line":136},"ninja_forms_after_submission","create_entry_na",105,{"type":102,"name":138,"callback":139,"priority":119,"file":105,"line":140},"wpforms_process_entry_save","create_entry_wp",106,{"type":102,"name":142,"callback":143,"priority":119,"file":105,"line":144},"elementor_pro\u002Fforms\u002Fnew_record","create_entry_el",108,{"type":102,"name":146,"callback":146,"file":105,"line":147},"init",112,{"type":102,"name":149,"callback":150,"priority":110,"file":151,"line":110},"vx_cf_add_meta_box","add_meta_box","includes\\crmperks-cf.php",{"type":102,"name":153,"callback":154,"priority":110,"file":155,"line":156},"cfx_add_meta_box","add_meta_box_crmperks_form","includes\\plugin-pages.php",50,{"type":102,"name":158,"callback":159,"priority":110,"file":155,"line":160},"cfx_form_entry_updated","update_entry_crm_perks_forms",51,{"type":102,"name":162,"callback":163,"priority":110,"file":155,"line":164},"cfx_form_post_note_added","create_note_crm_perks_forms",52,{"type":102,"name":166,"callback":167,"priority":110,"file":155,"line":168},"cfx_form_pre_note_deleted","delete_note_crm_perks_forms",53,{"type":102,"name":170,"callback":171,"priority":110,"file":155,"line":172},"cfx_form_pre_trash_leads","trash_leads_crm_perks_forms",54,{"type":102,"name":174,"callback":175,"priority":110,"file":155,"line":176},"cfx_form_pre_restore_leads","restore_leads_crm_perks_forms",55,{"type":125,"name":178,"callback":179,"priority":156,"file":155,"line":180},"admin_menu","create_menu",67,{"type":125,"name":182,"callback":150,"priority":110,"file":155,"line":183},"vx_cf_meta_boxes_right",68,{"type":102,"name":185,"callback":185,"file":155,"line":186},"admin_notices",69,{"type":125,"name":188,"callback":188,"priority":110,"file":155,"line":76},"plugin_action_links",{"type":102,"name":190,"callback":191,"file":155,"line":192},"vxcf_entry_submit_btn","entry_checkbox",71,{"type":102,"name":194,"callback":195,"priority":110,"file":155,"line":196},"vx_cf7_post_note_added","create_note_e",73,{"type":102,"name":198,"callback":199,"priority":110,"file":155,"line":200},"vx_cf7_pre_note_deleted","delete_note_e",74,{"type":102,"name":202,"callback":203,"file":155,"line":204},"vx_cf7_pre_trash_leads","trash_leads_e",75,{"type":102,"name":206,"callback":207,"file":155,"line":95},"vx_cf7_pre_restore_leads","restore_leads_e",{"type":102,"name":209,"callback":210,"priority":110,"file":155,"line":211},"vx_cf7_entry_updated","update_entry_e",77,{"type":102,"name":213,"callback":214,"priority":110,"file":155,"line":215},"vx_contact_post_note_added","create_note_c",79,{"type":102,"name":217,"callback":218,"priority":110,"file":155,"line":219},"vx_contact_pre_note_deleted","delete_note_c",80,{"type":102,"name":221,"callback":222,"file":155,"line":223},"vx_contact_pre_trash_leads","trash_leads_c",81,{"type":102,"name":225,"callback":226,"file":155,"line":227},"vx_contact_pre_restore_leads","restore_leads_c",82,{"type":102,"name":229,"callback":230,"priority":110,"file":155,"line":231},"vx_contact_entry_updated","update_entry_c",83,{"type":125,"name":233,"callback":234,"priority":110,"file":155,"line":235},"vx_callcenter_entries_action","bulk_send_crm_callcenter",85,{"type":125,"name":237,"callback":238,"file":155,"line":239},"vx_callcenter_bulk_actions","add_bulk_send_crm_callcenter",86,{"type":125,"name":241,"callback":242,"file":155,"line":243},"admin_init","setup_plugin",87,{"type":125,"name":245,"callback":246,"priority":110,"file":247,"line":248},"plugin_row_meta","pro_link","wp\\crmperks-notices.php",16,{"type":125,"name":250,"callback":251,"priority":252,"file":247,"line":253},"admin_footer_text","admin_footer",1,24,{"type":102,"name":185,"callback":255,"file":247,"line":256},"install_forms_notice",26,{"type":125,"name":258,"callback":259,"priority":260,"file":247,"line":261},"plugins_api","forms_info",11,28,[],[],[],[],{"dangerousFunctions":267,"sqlUsage":272,"outputEscaping":295,"fileOperations":252,"externalRequests":472,"nonceChecks":473,"capabilityChecks":256,"bundledLibraries":474},[268],{"fn":269,"file":105,"line":270,"context":271},"unserialize",347,"$val=unserialize($val, array('allowed_classes' => false));",{"prepared":256,"raw":273,"locations":274},8,[275,279,282,284,287,289,291,293],{"file":276,"line":277,"context":278},"includes\\data.php",293,"$wpdb->query() with variable interpolation",{"file":276,"line":280,"context":281},391,"$wpdb->get_results() with variable interpolation",{"file":276,"line":283,"context":281},483,{"file":276,"line":285,"context":286},512,"$wpdb->get_row() with variable interpolation",{"file":276,"line":288,"context":278},549,{"file":276,"line":290,"context":278},550,{"file":276,"line":292,"context":278},551,{"file":155,"line":294,"context":281},1974,{"escaped":296,"rawEcho":297,"locations":298},342,93,[299,303,305,307,309,311,313,315,318,319,320,322,323,326,328,330,333,335,337,339,341,343,345,347,349,352,353,355,356,357,358,359,361,363,365,367,369,371,373,376,378,379,381,382,383,384,385,386,387,389,390,392,394,396,398,400,402,404,406,408,410,412,414,416,418,420,422,425,428,430,432,434,436,438,440,442,443,445,447,449,451,454,456,458,459,460,462,463,464,466,467,468,470],{"file":300,"line":301,"context":302},"api\\api.php",377,"raw output",{"file":155,"line":304,"context":302},700,{"file":155,"line":306,"context":302},750,{"file":155,"line":308,"context":302},1278,{"file":155,"line":310,"context":302},1290,{"file":155,"line":312,"context":302},1291,{"file":155,"line":314,"context":302},1522,{"file":316,"line":317,"context":302},"templates\\accounts.php",92,{"file":316,"line":13,"context":302},{"file":316,"line":119,"context":302},{"file":316,"line":321,"context":302},103,{"file":316,"line":144,"context":302},{"file":324,"line":325,"context":302},"templates\\crm-entry-box.php",12,{"file":324,"line":327,"context":302},21,{"file":324,"line":329,"context":302},25,{"file":331,"line":332,"context":302},"templates\\feed-account.php",258,{"file":331,"line":334,"context":302},266,{"file":331,"line":336,"context":302},267,{"file":331,"line":338,"context":302},286,{"file":331,"line":340,"context":302},343,{"file":331,"line":342,"context":302},385,{"file":331,"line":344,"context":302},397,{"file":331,"line":346,"context":302},423,{"file":348,"line":256,"context":302},"templates\\feed-object.php",{"file":350,"line":351,"context":302},"templates\\feeds.php",27,{"file":350,"line":351,"context":302},{"file":350,"line":354,"context":302},35,{"file":350,"line":321,"context":302},{"file":350,"line":132,"context":302},{"file":350,"line":136,"context":302},{"file":350,"line":140,"context":302},{"file":350,"line":360,"context":302},109,{"file":350,"line":362,"context":302},120,{"file":350,"line":364,"context":302},121,{"file":350,"line":366,"context":302},122,{"file":350,"line":368,"context":302},131,{"file":350,"line":370,"context":302},138,{"file":350,"line":372,"context":302},149,{"file":374,"line":375,"context":302},"templates\\fields-mapping.php",46,{"file":374,"line":377,"context":302},60,{"file":374,"line":377,"context":302},{"file":374,"line":380,"context":302},62,{"file":374,"line":380,"context":302},{"file":374,"line":180,"context":302},{"file":374,"line":180,"context":302},{"file":374,"line":192,"context":302},{"file":374,"line":192,"context":302},{"file":374,"line":297,"context":302},{"file":374,"line":388,"context":302},107,{"file":374,"line":144,"context":302},{"file":374,"line":391,"context":302},113,{"file":374,"line":393,"context":302},141,{"file":374,"line":395,"context":302},142,{"file":374,"line":397,"context":302},143,{"file":374,"line":399,"context":302},145,{"file":374,"line":401,"context":302},178,{"file":374,"line":403,"context":302},183,{"file":374,"line":405,"context":302},218,{"file":374,"line":407,"context":302},232,{"file":374,"line":409,"context":302},313,{"file":374,"line":411,"context":302},324,{"file":374,"line":413,"context":302},330,{"file":374,"line":415,"context":302},375,{"file":374,"line":417,"context":302},445,{"file":374,"line":419,"context":302},455,{"file":374,"line":421,"context":302},505,{"file":423,"line":424,"context":302},"templates\\log.php",101,{"file":426,"line":427,"context":302},"templates\\logs.php",204,{"file":426,"line":429,"context":302},213,{"file":426,"line":431,"context":302},240,{"file":426,"line":433,"context":302},248,{"file":426,"line":435,"context":302},260,{"file":426,"line":437,"context":302},271,{"file":426,"line":439,"context":302},296,{"file":426,"line":441,"context":302},314,{"file":426,"line":441,"context":302},{"file":426,"line":444,"context":302},427,{"file":426,"line":446,"context":302},430,{"file":426,"line":448,"context":302},471,{"file":426,"line":450,"context":302},476,{"file":452,"line":453,"context":302},"templates\\setting.php",29,{"file":452,"line":455,"context":302},31,{"file":452,"line":457,"context":302},34,{"file":452,"line":192,"context":302},{"file":452,"line":95,"context":302},{"file":461,"line":156,"context":302},"templates\\settings-table.php",{"file":461,"line":160,"context":302},{"file":461,"line":380,"context":302},{"file":247,"line":465,"context":302},61,{"file":247,"line":465,"context":302},{"file":247,"line":465,"context":302},{"file":247,"line":469,"context":302},123,{"file":247,"line":471,"context":302},124,2,17,[475],{"name":476,"version":36,"knownCves":477},"Select2",[],[479,498,506,517],{"entryPoint":480,"graph":481,"unsanitizedCount":27,"severity":497},"settings_page (includes\\plugin-pages.php:1530)",{"nodes":482,"edges":494},[483,488],{"id":484,"type":485,"label":486,"file":155,"line":487},"n0","source","$_POST",1568,{"id":489,"type":490,"label":491,"file":155,"line":492,"wp_function":493},"n1","sink","update_option() [Settings Manipulation]",1571,"update_option",[495],{"from":484,"to":489,"sanitized":496},true,"low",{"entryPoint":499,"graph":500,"unsanitizedCount":27,"severity":497},"\u003Cplugin-pages> (includes\\plugin-pages.php:0)",{"nodes":501,"edges":504},[502,503],{"id":484,"type":485,"label":486,"file":155,"line":487},{"id":489,"type":490,"label":491,"file":155,"line":492,"wp_function":493},[505],{"from":484,"to":489,"sanitized":496},{"entryPoint":507,"graph":508,"unsanitizedCount":27,"severity":497},"\u003Ccrm-entry-box> (templates\\crm-entry-box.php:0)",{"nodes":509,"edges":515},[510,512],{"id":484,"type":485,"label":511,"file":324,"line":248},"$_REQUEST['vx_debug']",{"id":489,"type":490,"label":513,"file":324,"line":248,"wp_function":514},"echo() [XSS]","echo",[516],{"from":484,"to":489,"sanitized":496},{"entryPoint":518,"graph":519,"unsanitizedCount":27,"severity":497},"\u003Clogs> (templates\\logs.php:0)",{"nodes":520,"edges":537},[521,524,525,529,531,535],{"id":484,"type":485,"label":522,"file":426,"line":523},"$_REQUEST['entry_id']",233,{"id":489,"type":490,"label":513,"file":426,"line":523,"wp_function":514},{"id":526,"type":485,"label":527,"file":426,"line":528},"n2","$_REQUEST['start_date']",276,{"id":530,"type":490,"label":513,"file":426,"line":528,"wp_function":514},"n3",{"id":532,"type":485,"label":533,"file":426,"line":534},"n4","$_REQUEST['end_date']",277,{"id":536,"type":490,"label":513,"file":426,"line":534,"wp_function":514},"n5",[538,539,540],{"from":484,"to":489,"sanitized":496},{"from":526,"to":530,"sanitized":496},{"from":532,"to":536,"sanitized":496},{"summary":542,"deductions":543},"The plugin \"cf7-constant-contact\" v1.2.0 exhibits a mixed security posture. On one hand, static analysis reveals a commendable lack of direct entry points like unprotected AJAX handlers, REST API routes, or shortcodes, suggesting a controlled attack surface. The high percentage of SQL queries using prepared statements and a good rate of output escaping are also positive indicators of secure coding practices. Nonce and capability checks are present, further reinforcing a security-conscious approach in the current version's code.\n\nHowever, the presence of the `unserialize` function is a notable concern, as it can be a vector for Remote Code Execution (RCE) if not handled with extreme caution and input validation. While taint analysis did not reveal any unsanitized flows in this scan, the potential for issues with `unserialize` remains. The plugin's history of 4 known CVEs, all medium severity, involving XSS, CSRF, and Open Redirect vulnerabilities, is a significant red flag. Although there are currently no unpatched CVEs, this history indicates past weaknesses that could potentially resurface or be exploited in different ways.\n\nIn conclusion, while the current version of \"cf7-constant-contact\" demonstrates improved secure coding practices compared to its past, the lingering presence of a dangerous function like `unserialize` and the historical pattern of medium-severity vulnerabilities warrant careful consideration. The plugin has a history of common web vulnerabilities, suggesting that developers should remain vigilant and prioritize thorough security audits, especially when processing external data that might be unserialized.",[544,547,549],{"reason":545,"points":546},"Dangerous function detected (unserialize)",7,{"reason":548,"points":325},"Vulnerability history (4 medium CVEs)",{"reason":550,"points":273},"Vulnerabilities include XSS, CSRF, Open Redirect","2026-03-16T19:17:23.160Z",{"wat":553,"direct":566},{"assetPaths":554,"generatorPatterns":559,"scriptPaths":560,"versionParams":561},[555,556,557,558],"\u002Fwp-content\u002Fplugins\u002Fcf7-constant-contact\u002Fcss\u002Fvxcf-admin-style.css","\u002Fwp-content\u002Fplugins\u002Fcf7-constant-contact\u002Fcss\u002Fvxcf-frontend-style.css","\u002Fwp-content\u002Fplugins\u002Fcf7-constant-contact\u002Fjs\u002Fvxcf-admin-script.js","\u002Fwp-content\u002Fplugins\u002Fcf7-constant-contact\u002Fjs\u002Fvxcf-frontend-script.js",[],[557,558],[562,563,564,565],"cf7-constant-contact\u002Fcss\u002Fvxcf-admin-style.css?ver=","cf7-constant-contact\u002Fcss\u002Fvxcf-frontend-style.css?ver=","cf7-constant-contact\u002Fjs\u002Fvxcf-admin-script.js?ver=","cf7-constant-contact\u002Fjs\u002Fvxcf-frontend-script.js?ver=",{"cssClasses":567,"htmlComments":570,"htmlAttributes":571,"restEndpoints":573,"jsGlobals":574,"shortcodeOutput":576},[568,569],"vxcf-ccontact-admin-settings","vxcf-ccontact-admin-section",[],[572],"data-crmperks-plugin-id",[],[575],"vxcf_ccontact_php_data",[]]