WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Security & Risk Analysis

wordpress.org/plugins/cf7-dynamics-crm

Send Contact Form 7, WPForms, Elementor, Ninja Forms, CRM Perks Forms and many other contact form submissions to Dynamics CRM Online.

300 active installs · v1.1.9 · PHP 5.3+ · WP 3.8+ · Updated Dec 15, 2025
Tags: contact-form-7-dynamics-crm, elementor-forms-dynamics-crm, ninja-forms-dynamics-crm, wpforms-dynamics-crm-integration
Score: 99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jan 27, 2025
Safety Verdict

Is WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Safe to Use in 2026?

Generally Safe

Score 99/100

WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jan 27, 2025 · Updated 3mo ago
Risk Assessment

The "cf7-dynamics-crm" plugin, version 1.1.9, exhibits a generally positive security posture based on the static analysis. The absence of entry points like AJAX handlers, REST API routes, and shortcodes significantly limits the potential attack surface. Furthermore, the plugin demonstrates good practices by utilizing prepared statements for a high percentage of its SQL queries and implementing a substantial number of nonce and capability checks. The taint analysis also shows no critical or high-severity unsanitized flows, which is a strong indicator of secure coding for data handling.

However, there are some areas that warrant attention. The static analysis indicates that only 60% of output is properly escaped, leaving a potential for Cross-Site Scripting (XSS) vulnerabilities. While no critical or high severity issues were found in taint analysis, the historical vulnerability data shows one medium severity XSS vulnerability, last patched in early 2025. This suggests that while current code might be more robust, there's a pattern of past vulnerabilities related to output sanitization, reinforcing the concern around the 60% proper escaping rate.

In conclusion, the plugin has several strengths, particularly its limited attack surface and good data handling practices. The main areas of concern are the moderate rate of proper output escaping and the past occurrence of an XSS vulnerability. Continuous vigilance in output sanitization and prompt patching of any future vulnerabilities are crucial for maintaining a secure state. The absence of unpatched CVEs is a good sign, but the historical context should not be ignored.

Key Concerns

  • 60% of output properly escaped
  • Past medium severity XSS vulnerability
Vulnerabilities: 1

WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-24708 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.6 - Reflected Cross-Site Scripting

Jan 27, 2025 · Patched in 1.1.7 (8d)
Code Analysis
Analyzed Mar 16, 2026

WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 8 (25 prepared)
Unescaped Output: 126 (186 escaped)
Nonce Checks: 17
Capability Checks: 24
File Operations: 2
External Requests: 2
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

76% prepared · 33 total queries

Output Escaping

60% escaped · 312 total outputs
Data Flows: All sanitized

Data Flow Analysis

3 flows
setup_plugin (includes\plugin-pages.php:552)
Attack Surface

WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 39
action  plugins_loaded  (cf7-dynamics-crm.php:53)
action  cfx_form_submitted  (cf7-dynamics-crm.php:61)
action  vxcf_entry_created  (cf7-dynamics-crm.php:62)
action  vx_contact_created  (cf7-dynamics-crm.php:63)
action  vx_callcenter_entry_created  (cf7-dynamics-crm.php:64)
filter  wpcf7_before_send_mail  (cf7-dynamics-crm.php:66)
action  frm_after_create_entry  (cf7-dynamics-crm.php:68)
action  ninja_forms_after_submission  (cf7-dynamics-crm.php:69)
action  wpforms_process_entry_save  (cf7-dynamics-crm.php:70)
action  elementor_pro/forms/new_record  (cf7-dynamics-crm.php:72)
action  init  (cf7-dynamics-crm.php:74)
action  vx_cf_add_meta_box  (includes\crmperks-cf.php:10)
action  cfx_add_meta_box  (includes\plugin-pages.php:37)
action  cfx_form_entry_updated  (includes\plugin-pages.php:38)
action  cfx_form_post_note_added  (includes\plugin-pages.php:39)
action  cfx_form_pre_note_deleted  (includes\plugin-pages.php:40)
action  cfx_form_pre_trash_leads  (includes\plugin-pages.php:41)
action  cfx_form_pre_restore_leads  (includes\plugin-pages.php:42)
filter  admin_menu  (includes\plugin-pages.php:45)
filter  vx_cf_meta_boxes_right  (includes\plugin-pages.php:46)
action  admin_notices  (includes\plugin-pages.php:47)
filter  plugin_action_links  (includes\plugin-pages.php:48)
action  vxcf_entry_submit_btn  (includes\plugin-pages.php:49)
action  vx_cf7_post_note_added  (includes\plugin-pages.php:51)
action  vx_cf7_pre_note_deleted  (includes\plugin-pages.php:52)
action  vx_cf7_pre_trash_leads  (includes\plugin-pages.php:53)
action  vx_cf7_pre_restore_leads  (includes\plugin-pages.php:54)
action  vx_cf7_entry_updated  (includes\plugin-pages.php:55)
action  vx_contact_post_note_added  (includes\plugin-pages.php:57)
action  vx_contact_pre_note_deleted  (includes\plugin-pages.php:58)
action  vx_contact_pre_trash_leads  (includes\plugin-pages.php:59)
action  vx_contact_pre_restore_leads  (includes\plugin-pages.php:60)
action  vx_contact_entry_updated  (includes\plugin-pages.php:61)
filter  vx_callcenter_entries_action  (includes\plugin-pages.php:63)
filter  vx_callcenter_bulk_actions  (includes\plugin-pages.php:64)
filter  plugin_row_meta  (wp\crmperks-notices.php:17)
filter  admin_footer_text  (wp\crmperks-notices.php:25)
action  admin_notices  (wp\crmperks-notices.php:27)
filter  plugins_api  (wp\crmperks-notices.php:29)
Maintenance & Trust

WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 15, 2025
PHP min version: 5.3
Downloads: 10K

Community Trust

Rating: 98/100
Number of ratings: 19
Active installs: 300
Alternatives

WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Alternatives

No alternatives data available yet.

Developer Profile

WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Developer Profile

CRM Perks

32 plugins · 105K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 349 days
Detection Fingerprints

How We Detect WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cf7-dynamics-crm/js/main.js
/wp-content/plugins/cf7-dynamics-crm/css/main.css
/wp-content/plugins/cf7-dynamics-crm/js/admin.js
/wp-content/plugins/cf7-dynamics-crm/css/admin.css
/wp-content/plugins/cf7-dynamics-crm/js/cf7-dynamics-crm.js
/wp-content/plugins/cf7-dynamics-crm/js/select2.js
Generator Patterns
WP Contact Form Dynamics CRM
Script Paths
/wp-content/plugins/cf7-dynamics-crm/js/main.js
/wp-content/plugins/cf7-dynamics-crm/js/admin.js
/wp-content/plugins/cf7-dynamics-crm/js/cf7-dynamics-crm.js
/wp-content/plugins/cf7-dynamics-crm/js/select2.js
Version Parameters
cf7-dynamics-crm/js/main.js?ver=
cf7-dynamics-crm/css/main.css?ver=
cf7-dynamics-crm/js/admin.js?ver=
cf7-dynamics-crm/css/admin.css?ver=
cf7-dynamics-crm/js/cf7-dynamics-crm.js?ver=
cf7-dynamics-crm/js/select2.js?ver=

HTML / DOM Fingerprints

CSS Classes
vxcf-dynamics-settings
crmperks-notice
crmperks-field
vxcf-dynamics-pro-notice
vxcf-dynamics-upgrade-notice
HTML Comments
<!-- CRM Perks -->
<!-- contact form dynamics -->
<!-- END CRM Perks -->
<!-- vxcf-dynamics-notice -->
Data Attributes
data-crmperks-plugin-version
data-plugin-slug
data-plugin-name
data-plugin-uri
data-plugin-author-uri
JS Globals
vxcf_dynamics
vxcf_dynamics_data
vxcf_dynamics_admin
REST Endpoints
/wp-json/vxcf-dynamics/v1/settings
/wp-json/vxcf-dynamics/v1/save-settings
Shortcode Output
[cf7_dynamics_settings]
[cf7_dynamics_test_connection]
FAQ

Frequently Asked Questions about WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms