Does Contact Form 7 Google Analytics have any unpatched vulnerabilities?

No. All known vulnerabilities in Contact Form 7 Google Analytics have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Contact Form 7 Google Analytics compatible with WordPress 6.8.5?

According to WordPress.org data, Contact Form 7 Google Analytics 1.8.12 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Contact Form 7 Google Analytics updated?

Contact Form 7 Google Analytics was last updated on Dec 6, 2025. Frequent updates are generally a positive security signal.

What is Contact Form 7 Google Analytics's security score?

Contact Form 7 Google Analytics has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Contact Form 7 Google Analytics Security & Risk Analysis

wordpress.org/plugins/cf7-google-analytics

Adds Google Analytics Event Tracking to all Contact Form 7 forms. Note: once you are using Google Analytics v4, this plugin may no longer be necessary …

7K active installs v1.8.12 PHP + WP 4.3+ Updated Dec 6, 2025

analyticscontact-form-7google-analytics

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Contact Form 7 Google Analytics Safe to Use in 2026?

Generally Safe

Score 100/100

Contact Form 7 Google Analytics has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The 'cf7-google-analytics' plugin version 1.8.12 exhibits a generally good security posture in several areas, particularly in its handling of SQL queries and output escaping, both of which are 100% secure according to the static analysis. There are no reported vulnerabilities in its history, suggesting a track record of stable security. However, a significant concern arises from the presence of two AJAX handlers that lack authentication checks. This creates a substantial attack surface where unauthenticated users could potentially interact with these endpoints, leading to unintended consequences. The absence of taint analysis results and the limited number of entry points (though unprotected) do not strongly indicate immediate critical risks, but the unauthenticated AJAX handlers remain the primary vulnerability.

Key Concerns

AJAX handlers without authentication

Vulnerabilities

None known

Contact Form 7 Google Analytics Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Contact Form 7 Google Analytics Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

23 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped23 total outputs

Attack Surface

2 unprotected

Contact Form 7 Google Analytics Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_cf7_ga_dismiss_notice_180inc\class-cf7-google-analytics.php:137

authwp_ajax_cf7_ga_dismiss_notice_186inc\class-cf7-google-analytics.php:149

WordPress Hooks 10

filterwpcf7_ajax_json_echoinc\class-cf7-google-analytics.php:113

actionwp_enqueue_scriptsinc\class-cf7-google-analytics.php:115

actionadmin_enqueue_scriptsinc\class-cf7-google-analytics.php:119

actionadmin_initinc\class-cf7-google-analytics.php:122

actionadmin_menuinc\class-cf7-google-analytics.php:123

actionsave_post_wpcf7_contact_forminc\class-cf7-google-analytics.php:126

actionadmin_noticesinc\class-cf7-google-analytics.php:130

actionadmin_enqueue_scriptsinc\class-cf7-google-analytics.php:131

actionadmin_noticesinc\class-cf7-google-analytics.php:142

actionadmin_enqueue_scriptsinc\class-cf7-google-analytics.php:143

Maintenance & Trust

Contact Form 7 Google Analytics Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedDec 6, 2025

PHP min version

Downloads128K

Community Trust

Rating96/100

Number of ratings12

Active installs7K

Alternatives

Contact Form 7 Google Analytics Alternatives

Contact Form 7 Analytics

swp-contact-form-7-analytics

100

A lightweight system to track Contact Form 7 Events in Google Analytics.

0 No CVEs

MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)

google-analytics-for-wordpress

The best free Google Analytics plugin for WordPress. See how visitors find and use your website so you can grow your business with powerful analytics.

2.0M 10 CVEs

GTM4WP – A Google Tag Manager (GTM) plugin for WordPress

duracelltomi-google-tag-manager

Advanced tag management for WordPress with Google Tag Manager

700K 3 CVEs

WP Statistics – Simple, privacy-friendly Google Analytics alternative

wp-statistics

Get website traffic insights with GDPR/CCPA compliant, privacy-friendly analytics. Includes visitor data, stunning graphs, and no data sharing.

600K 35 CVEs

PixelYourSite – Your smart PIXEL (TAG) & API Manager

pixelyoursite

Add Meta Pixel with Conversion API, Google Analytics (GA4) + Consent Mode, Google Tag Manager, and Head & Footer scripts.

500K 11 CVEs

Developer Profile

Contact Form 7 Google Analytics Developer Profile

macbookandrew

11 plugins · 8K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

498 days

View full developer profile

Detection Fingerprints

How We Detect Contact Form 7 Google Analytics

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cf7-google-analytics/js/cf7-google-analytics.min.js/wp-content/plugins/cf7-google-analytics/js/admin.min.js

Script Paths