WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Security & Risk Analysis

Send Contact Form 7, WPforms, Elementor, Ninja Forms, CRM Perks Forms and many other contact form submissions to insightly CRM.

100 active installs v1.1.6 PHP 5.3+ WP 3.8+ Updated Feb 23, 2026

contact-form-7-insightlyinsightlyinsightly-form-integrationinsightly-formsninja-forms-insightly

A · Safe

CVEs total1

Unpatched0

Last CVEAug 26, 2021

Plugin page Download

Safety Verdict

Is WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Safe to Use in 2026?

Generally Safe

Score 100/100

WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Aug 26, 2021Updated 1mo ago

Risk Assessment

The 'cf7-insightly' plugin version 1.1.6 presents a generally good security posture based on the static analysis. The absence of exposed AJAX handlers, REST API routes, shortcodes, and cron events with unprotected entry points significantly limits the attack surface. Furthermore, the high percentage of SQL queries using prepared statements (76%) and properly escaped outputs (75%) indicates diligent coding practices aimed at preventing common vulnerabilities like SQL injection and XSS. The presence of nonce and capability checks (17 and 24 respectively) also suggests a focus on authorization and access control.

However, the plugin is not entirely without risks. The static analysis shows 3 file operations and 3 external HTTP requests, which are potential vectors for exploitation if not handled securely. While the taint analysis revealed no unsanitized paths or critical/high severity flows, the historical data highlights a past medium severity Cross-Site Scripting (XSS) vulnerability discovered in 2021. Although currently unpatched CVEs are zero, this past incident suggests that even with good coding practices, vulnerabilities can emerge, and thorough code auditing and prompt patching remain crucial.

In conclusion, 'cf7-insightly' v1.1.6 demonstrates several strengths in its security implementation, particularly in its limited attack surface and use of prepared statements and output escaping. The past XSS vulnerability is a reminder of the inherent risks in web development, but the lack of current unpatched vulnerabilities and the healthy static analysis scores are positive indicators. Continued vigilance and prompt updates to address any future discovered issues are recommended.

Key Concerns

Past medium severity XSS vulnerability
File operations detected
External HTTP requests detected

Vulnerabilities

WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Security Vulnerabilities

CVEs by Year

1 CVE in 2021

2021

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

WF-cc1e9778-2860-4e3c-a2e4-28f10d585fed-cf7-insightlymedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CRM Perks - Various Plugins (Various Versions) - Reflected Cross-Site Scripting

Aug 26, 2021 Patched in 1.0.9 (880d)

Code Analysis

Analyzed Mar 16, 2026

WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Code Analysis

Dangerous Functions

Raw SQL Queries

25 prepared

Unescaped Output

104

320 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

SQL Query Safety

76% prepared33 total queries

Output Escaping

75% escaped424 total outputs

Data Flows

All sanitized

Data Flow Analysis

4 flows

settings_page (includes\plugin-pages.php:1478)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 39

actionplugins_loadedcf7-insightly.php:58

actioncfx_form_submittedcf7-insightly.php:103

actionvxcf_entry_createdcf7-insightly.php:104

actionvx_contact_createdcf7-insightly.php:105

actionvx_callcenter_entry_createdcf7-insightly.php:106

filterwpcf7_before_send_mailcf7-insightly.php:108

actionfrm_after_create_entrycf7-insightly.php:110

actionninja_forms_after_submissioncf7-insightly.php:111

actionwpforms_process_entry_savecf7-insightly.php:112

actionelementor_pro/forms/new_recordcf7-insightly.php:114

actioninitcf7-insightly.php:118

actionvx_cf_add_meta_boxincludes\crmperks-cf.php:10

actioncfx_add_meta_boxincludes\plugin-pages.php:35

actioncfx_form_entry_updatedincludes\plugin-pages.php:36

actioncfx_form_post_note_addedincludes\plugin-pages.php:37

actioncfx_form_pre_note_deletedincludes\plugin-pages.php:38

actioncfx_form_pre_trash_leadsincludes\plugin-pages.php:39

actioncfx_form_pre_restore_leadsincludes\plugin-pages.php:40

filteradmin_menuincludes\plugin-pages.php:52

filtervx_cf_meta_boxes_rightincludes\plugin-pages.php:53

actionadmin_noticesincludes\plugin-pages.php:54

filterplugin_action_linksincludes\plugin-pages.php:55

actionvxcf_entry_submit_btnincludes\plugin-pages.php:56

actionvx_cf7_post_note_addedincludes\plugin-pages.php:58

actionvx_cf7_pre_note_deletedincludes\plugin-pages.php:59

actionvx_cf7_pre_trash_leadsincludes\plugin-pages.php:60

actionvx_cf7_pre_restore_leadsincludes\plugin-pages.php:61

actionvx_cf7_entry_updatedincludes\plugin-pages.php:62

actionvx_contact_post_note_addedincludes\plugin-pages.php:64

actionvx_contact_pre_note_deletedincludes\plugin-pages.php:65

actionvx_contact_pre_trash_leadsincludes\plugin-pages.php:66

actionvx_contact_pre_restore_leadsincludes\plugin-pages.php:67

actionvx_contact_entry_updatedincludes\plugin-pages.php:68

filtervx_callcenter_entries_actionincludes\plugin-pages.php:70

filtervx_callcenter_bulk_actionsincludes\plugin-pages.php:71

filterplugin_row_metawp\crmperks-notices.php:16

filteradmin_footer_textwp\crmperks-notices.php:24

actionadmin_noticeswp\crmperks-notices.php:26

filterplugins_apiwp\crmperks-notices.php:28

Maintenance & Trust

WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 23, 2026

PHP min version5.3

Downloads7K

Community Trust

Rating100/100

Number of ratings7

Active installs100

Alternatives

WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Alternatives

WP Gravity Forms Insightly

gf-insightly

Gravity Forms Insightly Add-on sends Gravity Forms entries to Insightly.

60 2 CVEs

Developer Profile

WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Developer Profile

CRM Perks

32 plugins · 105K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

349 days

View full developer profile

Detection Fingerprints

How We Detect WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cf7-insightly/assets/css/backend-style.css/wp-content/plugins/cf7-insightly/assets/js/backend-script.js/wp-content/plugins/cf7-insightly/assets/css/frontend-style.css/wp-content/plugins/cf7-insightly/assets/js/frontend-script.js

Script Paths

/wp-content/plugins/cf7-insightly/assets/js/backend-script.js/wp-content/plugins/cf7-insightly/assets/js/frontend-script.js

Version Parameters

cf7-insightly/assets/css/backend-style.css?ver=cf7-insightly/assets/js/backend-script.js?ver=cf7-insightly/assets/css/frontend-style.css?ver=cf7-insightly/assets/js/frontend-script.js?ver=

HTML / DOM Fingerprints

CSS Classes

vxcf-insightly-settings-pagevxcf-insightly-field-wrappervxcf-insightly-section-header

HTML Comments

Data Attributes

data-vxcf-insightly-iddata-vxcf-insightly-field-name

JS Globals

vxcf_insightly_optionsvxcf_insightly_localize

REST Endpoints

/wp-json/cf7-insightly/v1/settings

Shortcode Output

[cf7_insightly_form_settings][cf7_insightly_integration_status]

FAQ