WP-Safety

Contact Form 7 Countries Security & Risk Analysis

wordpress.org/plugins/cf7-countries

Country drop-down menu for Contact Form 7.

400 active installs v1.0.0 PHP 5.6+ WP 3.0.1+ Updated Feb 24, 2019
contactcontact-formcontact-form-7emailfeedback
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Contact Form 7 Countries Safe to Use in 2026?

Generally Safe

Score 85/100

Contact Form 7 Countries has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago
Risk Assessment

The "cf7-countries" plugin version 1.0.0 demonstrates a generally good security posture based on the provided static analysis. The absence of any identified dangerous functions, SQL injection vulnerabilities (all queries are prepared), and file operations is a significant strength. Furthermore, the high percentage of properly escaped output suggests a careful approach to preventing cross-site scripting (XSS) vulnerabilities.

However, the analysis does reveal areas for improvement and potential concerns. The most notable is the complete lack of nonce checks and capability checks for any entry points. While the current attack surface is reported as zero, this could change with future updates or if the plugin were to interact with other parts of WordPress in ways not captured by this analysis. The single capability check present is a positive sign, but its limited scope means many interactions might not be adequately protected.

The plugin's vulnerability history is a strong point, with no known CVEs recorded. This, combined with the clean static analysis, suggests a low-risk profile for this version. However, the lack of entry points with authentication checks presents a potential risk if the plugin's functionality or attack surface were to expand in the future without corresponding security controls being implemented.

Key Concerns

  • No nonce checks for entry points
  • Limited capability checks
Vulnerabilities
None known

Contact Form 7 Countries Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Contact Form 7 Countries Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
40 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

95% escaped42 total outputs
Attack Surface

Contact Form 7 Countries Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 9
actionwpcf7_initadmin\class-atlb-cf7-countries-admin.php:55
actionwpcf7_admin_initadmin\class-atlb-cf7-countries-admin.php:56
actionplugins_loadedincludes\class-atlb-cf7-countries.php:135
actionadmin_enqueue_scriptsincludes\class-atlb-cf7-countries.php:150
actionadmin_enqueue_scriptsincludes\class-atlb-cf7-countries.php:151
actionwp_enqueue_scriptsincludes\class-atlb-cf7-countries.php:166
actionwp_enqueue_scriptsincludes\class-atlb-cf7-countries.php:167
filterwpcf7_validate_countriespublic\class-atlb-cf7-countries-public.php:52
filterwpcf7_validate_countries*public\class-atlb-cf7-countries-public.php:53
Maintenance & Trust

Contact Form 7 Countries Maintenance & Trust

Maintenance Signals

WordPress version tested5.1.22
Last updatedFeb 24, 2019
PHP min version5.6
Downloads7K

Community Trust

Rating0/100
Number of ratings0
Active installs400
Alternatives

Contact Form 7 Countries Alternatives

woo-shortcode-popup

woo-shortcode-popup

woo-shortcode-popup

A
85

Creates a popup button on woocommerce shop page

10 No CVEs
Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent

Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent

tablesome

D
37

Powerful Table, Form & Mail Automations. Form Entry Management (+ frontend table ), integrate with MailChimp, G Sheets, CF7, WPForms, Elementor, etc.

8K 2 unpatched
Contact Form 7 Confirm Email Field

Contact Form 7 Confirm Email Field

contact-form-7-confirm-email-feild

A
85

Add a confirm email field to Contact Form 7.

2K No CVEs
HTML Template for CF7

HTML Template for CF7

cf7-html-email-template-extension

A
100

Improve your Contact Form 7 emails with a HTML Template.

1K No CVEs
Contact Form 7 GetResponse Extension

Contact Form 7 GetResponse Extension

contact-form-7-getresponse-extension

C
63

A very easy plugin to integrate GetResponse campaigns with Contact Form 7.

1K 1 unpatched
Developer Profile

Contact Form 7 Countries Developer Profile

Max Law

1 plugin · 400 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Contact Form 7 Countries

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cf7-countries/admin/css/cf7-countries-admin.css/wp-content/plugins/cf7-countries/admin/js/cf7-countries-admin.js/wp-content/plugins/cf7-countries/public/css/cf7-countries-public.css/wp-content/plugins/cf7-countries/public/js/cf7-countries-public.js
Script Paths
/wp-content/plugins/cf7-countries/admin/js/cf7-countries-admin.js/wp-content/plugins/cf7-countries/public/js/cf7-countries-public.js
Version Parameters
cf7-countries/admin/css/cf7-countries-admin.css?ver=cf7-countries/admin/js/cf7-countries-admin.js?ver=cf7-countries/public/css/cf7-countries-public.css?ver=cf7-countries/public/js/cf7-countries-public.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-name="countries"data-options="countries"
JS Globals
window.Atlb_CF7_Countries_Public_Script
Shortcode Output
[countries][countries*]
FAQ

Frequently Asked Questions about Contact Form 7 Countries