Contact Form 7 extension for Google Map fields Security & Risk Analysis

wordpress.org/plugins/cf7-google-map

This plugin enables the insertion of google maps into contact form 7 as an input field.

600 active installs v1.9.0 PHP 7.4+ WP 5.6+ Updated Jul 11, 2023
contact-form-7 · contact-form-7-extension · contact-form-7-module · google-map · maps
84
B · Generally Safe
CVEs total: 1
Unpatched: 0
Last CVE: May 3, 2023
Safety Verdict

Is Contact Form 7 extension for Google Map fields Safe to Use in 2026?

Mostly Safe

Score 84/100

Contact Form 7 extension for Google Map fields is generally safe to use, though it hasn't been updated recently. 1 past CVE was resolved. Keep it updated.

1 known CVE · Last CVE: May 3, 2023 · Updated 2yr ago
Risk Assessment

The "cf7-google-map" plugin, version 1.9.0, exhibits a generally strong security posture based on the static analysis. The absence of unprotected AJAX handlers, REST API routes, shortcodes, and cron events indicates a limited attack surface. The code also demonstrates good practices with 100% of SQL queries using prepared statements and a high percentage (87%) of output properly escaped. The lack of file operations and dangerous functions further contributes to its secure design.

However, there are some areas for improvement. The plugin performs external HTTP requests, which could be a vector for certain attacks if not handled with extreme care. More significantly, the plugin has a history of known vulnerabilities, with one high-severity Cross-Site Scripting (XSS) issue reported in May 2023. While this specific vulnerability is listed as currently unpatched, the existence of past XSS issues warrants caution and suggests potential for future vulnerabilities if input sanitization and output escaping are not meticulously maintained. The absence of nonce checks and capability checks on any potential entry points, though currently zero, could become a risk if the plugin's functionality expands.

In conclusion, "cf7-google-map" v1.9.0 shows promising security practices, particularly in its handling of SQL and output. The limited attack surface is a significant strength. Nevertheless, the past high-severity XSS vulnerability and the presence of external HTTP requests are points of concern that require ongoing vigilance and potential future patching. The lack of explicit mention of capability checks or nonce checks on its current zero entry points is a weakness that might become relevant if the plugin evolves.

Key Concerns

  • 1 known high severity vulnerability (unpatched)
  • External HTTP requests without explicit checks
  • 0 Nonce checks on any entry points
  • 0 Capability checks on any entry points
  • 87% of output escaped (13% unescaped)
Vulnerabilities
1

Contact Form 7 extension for Google Map fields Security Vulnerabilities

CVEs by Year

1 CVE in 2023

Severity Breakdown

High: 1

1 total CVE

WF-dd3fc3a4-ba32-4c05-bc93-ed7b86c426fa-cf7-google-map · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Contact Form 7 extension for Google Map fields <= 1.8.3 - Stored Cross-Site Scripting

May 3, 2023 Patched in 1.8.4 (265d)
Code Analysis
Analyzed Mar 16, 2026

Contact Form 7 extension for Google Map fields Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 6 (39 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 1
  • Bundled Libraries: 0

Output Escaping

87% escaped · 45 total outputs
Attack Surface

Contact Form 7 extension for Google Map fields Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 22
action · plugins_loaded · includes\class-cf7-googlemap.php:146
action · admin_enqueue_scripts · includes\class-cf7-googlemap.php:161
action · admin_enqueue_scripts · includes\class-cf7-googlemap.php:162
action · admin_menu · includes\class-cf7-googlemap.php:163
action · admin_init · includes\class-cf7-googlemap.php:164
action · admin_notices · includes\class-cf7-googlemap.php:166
action · upgrader_process_complete · includes\class-cf7-googlemap.php:167
action · wpcf7_admin_init · includes\class-cf7-googlemap.php:170
filter · wpcf7_collect_mail_tags · includes\class-cf7-googlemap.php:171
action · admin_init · includes\class-cf7-googlemap.php:173
action · cf7sg_ui_grid_helper_hooks · includes\class-cf7-googlemap.php:175
action · cf7sg_ui_grid_js_helper_hooks · includes\class-cf7-googlemap.php:176
action · cf7sg_enqueue_admin_editor_scripts · includes\class-cf7-googlemap.php:177
filter · wpcf7_messages · includes\class-cf7-googlemap.php:179
action · wp_enqueue_scripts · includes\class-cf7-googlemap.php:192
action · wp_enqueue_scripts · includes\class-cf7-googlemap.php:193
action · wpcf7_init · includes\class-cf7-googlemap.php:196
filter · wpcf7_validate_map · includes\class-cf7-googlemap.php:198
filter · wpcf7_validate_map* · includes\class-cf7-googlemap.php:199
filter · wpcf7_posted_data · includes\class-cf7-googlemap.php:200
action · cf7_2_post_saving_tag_map · includes\class-cf7-googlemap.php:205
filter · cf7_2_post_field_mapping_tag_map · includes\class-cf7-googlemap.php:207
Maintenance & Trust

Contact Form 7 extension for Google Map fields Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.2.9
Last updated: Jul 11, 2023
PHP min version: 7.4
Downloads: 37K

Community Trust

Rating: 94/100
Number of ratings: 15
Active installs: 600
Developer Profile

Contact Form 7 extension for Google Map fields Developer Profile

Aurovrata Venet

6 plugins · 25K total installs

Trust score: 70
Avg Security Score: 87/100
Avg Patch Time: 265 days
Detection Fingerprints

How We Detect Contact Form 7 extension for Google Map fields

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/cf7-google-map/admin/css/cf7-googleMap-admin.css
  • /wp-content/plugins/cf7-google-map/assets/gmap3/gmap3.min.js
  • /wp-content/plugins/cf7-google-map/assets/arrive/arrive.min.js
  • /wp-content/plugins/cf7-google-map/admin/js/admin_settings_map.js
  • /wp-content/plugins/cf7-google-map/admin/js/ui-custom-helper.js
Script Paths
  • http://maps.google.com/maps/api/js?key=
  • /wp-content/plugins/cf7-google-map/assets/gmap3/gmap3.min.js
  • /wp-content/plugins/cf7-google-map/assets/arrive/arrive.min.js
  • /wp-content/plugins/cf7-google-map/admin/js/admin_settings_map.js
  • /wp-content/plugins/cf7-google-map/admin/js/ui-custom-helper.js
Version Parameters
  • cf7-googleMap-admin.css?ver=
  • gmap3.min.js?ver=
  • arrive.min.js?ver=
  • admin_settings_map.js?ver=
  • ui-custom-helper.js?ver=

HTML / DOM Fingerprints

HTML Comments
  • <!-- This file is read by WordPress to generate the plugin information in the plugin * admin area. This file also includes all of the dependencies used by the plugin, * registers the activation and deactivation functions, and defines a function * that starts the plugin. -->
  • <!-- The admin-specific functionality of the plugin. -->
  • <!-- Defines the plugin name, version, and two examples hooks for how to * enqueue the admin-specific stylesheet and JavaScript. -->
  • <!-- The admin-specific functionality of the plugin. -->
  • +11 more
Data Attributes
  • data-lat
  • data-lng
  • data-zoom
  • data-map-id
  • data-field-name
JS Globals
  • cf7_map_admin_settings
  • cf7sgHelper
Shortcode Output
[map]
FAQ

Frequently Asked Questions about Contact Form 7 extension for Google Map fields