Contact Form 7 Domain Blacklist Security & Risk Analysis
wordpress.org/plugins/cf7-domain-blacklistWith this plugin you can easily create a list of domains that are not allowed in your Contact Form 7 forms.
Is Contact Form 7 Domain Blacklist Safe to Use in 2026?
Generally Safe
Score 85/100Contact Form 7 Domain Blacklist has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "cf7-domain-blacklist" plugin v1.1.3 exhibits a strong security posture based on the provided static analysis. The absence of any identified dangerous functions, unsanitized paths in taint analysis, raw SQL queries, file operations, or external HTTP requests is commendable. The plugin also demonstrates good practices by utilizing prepared statements for its SQL queries and properly escaping all output. The presence of a nonce check further contributes to its secure design, especially if it's associated with any potential entry points that might have been missed in the count.
However, the analysis indicates a complete lack of capability checks and a very limited attack surface with no exposed AJAX handlers, REST API routes, or shortcodes. While this reduces the immediate attack vectors, the absence of capability checks means that if any functionality were to be exposed in the future, it might lack crucial authorization controls. The vulnerability history being completely clean is a positive sign, suggesting a well-maintained and secure codebase to date.
In conclusion, the plugin appears to be highly secure with no immediate vulnerabilities detected and good coding practices implemented. The primary area for potential future concern, albeit not a current flaw, is the lack of capability checks which could become relevant if the plugin's functionality expands. The minimal attack surface and clean history are significant strengths.
Key Concerns
- No capability checks found
Contact Form 7 Domain Blacklist Security Vulnerabilities
Contact Form 7 Domain Blacklist Code Analysis
Output Escaping
Data Flow Analysis
Contact Form 7 Domain Blacklist Attack Surface
WordPress Hooks 5
Maintenance & Trust
Contact Form 7 Domain Blacklist Maintenance & Trust
Maintenance Signals
Community Trust
Contact Form 7 Domain Blacklist Alternatives
Mascaras CF7
mascaras-para-cf7
Adicione máscaras de telefone, CPF, CNPJ, CEP e Dinheiro nos campos do Contact Form 7, Elementor e outros tipos de formulários.
Database Addon for Contact Form 7 – CFDB7
contact-form-cfdb7
Save and manage Contact Form 7 messages. Never lose important data. It is a lightweight contact form 7 database plugin.
ReCaptcha v2 for Contact Form 7
wpcf7-recaptcha
Adds reCaptcha v2 from Contact Form 7 5.0.5 that was dropped on Contact Form 7 5.1
Redirection for Contact Form 7
wpcf7-redirect
Redirect to any page or URL, execute scripts after submission, save data to the database, and unlock additional submission actions for Contact Form 7.
Conditional Fields for Contact Form 7
cf7-conditional-fields
Adds conditional logic to Contact Form 7.
Contact Form 7 Domain Blacklist Developer Profile
4 plugins · 140 total installs
How We Detect Contact Form 7 Domain Blacklist
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/cf7-domain-blacklist/assets/css/styles.css/wp-content/plugins/cf7-domain-blacklist/assets/css/custom.css/wp-content/plugins/cf7-domain-blacklist/assets/css/font-awesome.min.css/wp-content/plugins/cf7-domain-blacklist/assets/js/bootstrap.min.js/wp-content/plugins/cf7-domain-blacklist/assets/js/jquery.validate.min.js/wp-content/plugins/cf7-domain-blacklist/assets/js/default.js/wp-content/plugins/cf7-domain-blacklist/assets/js/bootstrap.min.js/wp-content/plugins/cf7-domain-blacklist/assets/js/jquery.validate.min.js/wp-content/plugins/cf7-domain-blacklist/assets/js/default.js