Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms Security & Risk Analysis

wordpress.org/plugins/cf7-mailchimp

Send Contact Form 7, WPforms, Elementor, Ninja Forms, CRM Perks Forms and many other contact form submissions to Mailchimp.

9K active installs · v1.2.2 · PHP 5.3+ · WP 3.8+ · Updated Jan 20, 2026
Tags: contact-form-7, contact-form-7-mailchimp, elementor-form-mailchimp, mailchimp, ninja-forms-mailchimp
98 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Mar 18, 2026
Safety Verdict

Is Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms Safe to Use in 2026?

Generally Safe

Score 98/100

Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Mar 18, 2026 · Updated 2mo ago
Risk Assessment

The 'cf7-mailchimp' v1.2.2 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of unprotected AJAX handlers, REST API routes, shortcodes, and cron events indicates a well-contained attack surface. The code also shows good practices in its use of prepared statements for SQL queries (76%) and proper output escaping (77%), along with a significant number of nonce and capability checks. This suggests a deliberate effort to implement security measures.

However, a notable concern is the presence of a past medium-severity CVE related to Cross-Site Scripting. While this vulnerability is currently patched, its existence suggests that input validation and output sanitization may not have always been consistently robust, even with the otherwise positive code signals. The single file operation and two external HTTP requests, while not inherently insecure, represent potential vectors that warrant careful scrutiny in any deeper code review. The bundled Select2 library also presents a minor risk if it's not kept up-to-date, as outdated libraries can introduce vulnerabilities.

Overall, the plugin appears to be developed with security in mind, but the historical vulnerability and potential for unaddressed weaknesses in file operations, external requests, and bundled libraries warrant a cautious approach.

Key Concerns

  • Past medium severity CVE for XSS
  • Bundled outdated library (Select2)
  • 2 external HTTP requests
  • 1 file operation
Vulnerabilities
2

Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms Security Vulnerabilities

CVEs by Year

2021: 1 CVE
2026: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2026-25430 · medium · 4.3 · Missing Authorization

Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.2.2 - Missing Authorization

Mar 18, 2026 Patched in 1.2.3 (10d)
WF-cc1e9778-2860-4e3c-a2e4-28f10d585fed-cf7-mailchimp · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CRM Perks - Various Plugins (Various Versions) - Reflected Cross-Site Scripting

Aug 26, 2021 Patched in 1.1.1 (880d)
Code Analysis
Analyzed Mar 16, 2026

Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 8 · 25 prepared
Unescaped Output: 97 · 327 escaped
Nonce Checks: 16
Capability Checks: 23
File Operations: 1
External Requests: 2
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

76% prepared · 33 total queries

Output Escaping

77% escaped · 424 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
settings_page (includes\plugin-pages.php:1475)
Attack Surface

Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 39
action · plugins_loaded · cf7-mailchimp.php:58
action · cfx_form_submitted · cf7-mailchimp.php:103
action · vxcf_entry_created · cf7-mailchimp.php:104
action · vx_contact_created · cf7-mailchimp.php:105
action · vx_callcenter_entry_created · cf7-mailchimp.php:106
filter · wpcf7_before_send_mail · cf7-mailchimp.php:108
action · frm_after_create_entry · cf7-mailchimp.php:110
action · ninja_forms_after_submission · cf7-mailchimp.php:111
action · wpforms_process_entry_save · cf7-mailchimp.php:112
action · elementor_pro/forms/new_record · cf7-mailchimp.php:114
action · init · cf7-mailchimp.php:118
action · vx_cf_add_meta_box · includes\crmperks-cf.php:10
action · cfx_add_meta_box · includes\plugin-pages.php:35
action · cfx_form_entry_updated · includes\plugin-pages.php:36
action · cfx_form_post_note_added · includes\plugin-pages.php:37
action · cfx_form_pre_note_deleted · includes\plugin-pages.php:38
action · cfx_form_pre_trash_leads · includes\plugin-pages.php:39
action · cfx_form_pre_restore_leads · includes\plugin-pages.php:40
filter · admin_menu · includes\plugin-pages.php:52
filter · vx_cf_meta_boxes_right · includes\plugin-pages.php:53
action · admin_notices · includes\plugin-pages.php:54
filter · plugin_action_links · includes\plugin-pages.php:55
action · vxcf_entry_submit_btn · includes\plugin-pages.php:56
action · vx_cf7_post_note_added · includes\plugin-pages.php:58
action · vx_cf7_pre_note_deleted · includes\plugin-pages.php:59
action · vx_cf7_pre_trash_leads · includes\plugin-pages.php:60
action · vx_cf7_pre_restore_leads · includes\plugin-pages.php:61
action · vx_cf7_entry_updated · includes\plugin-pages.php:62
action · vx_contact_post_note_added · includes\plugin-pages.php:64
action · vx_contact_pre_note_deleted · includes\plugin-pages.php:65
action · vx_contact_pre_trash_leads · includes\plugin-pages.php:66
action · vx_contact_pre_restore_leads · includes\plugin-pages.php:67
action · vx_contact_entry_updated · includes\plugin-pages.php:68
filter · vx_callcenter_entries_action · includes\plugin-pages.php:70
filter · vx_callcenter_bulk_actions · includes\plugin-pages.php:71
filter · plugin_row_meta · wp\crmperks-notices.php:16
filter · admin_footer_text · wp\crmperks-notices.php:24
action · admin_notices · wp\crmperks-notices.php:26
filter · plugins_api · wp\crmperks-notices.php:28
Maintenance & Trust

Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 20, 2026
PHP min version: 5.3
Downloads: 151K

Community Trust

Rating: 100/100
Number of ratings: 30
Active installs: 9K
Developer Profile

Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms Developer Profile

CRM Perks

32 plugins · 105K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 339 days
Detection Fingerprints

How We Detect Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cf7-mailchimp/css/style.css
/wp-content/plugins/cf7-mailchimp/js/admin.js
/wp-content/plugins/cf7-mailchimp/js/frontend.js
/wp-content/plugins/cf7-mailchimp/css/admin.css
Script Paths
/wp-content/plugins/cf7-mailchimp/js/admin.js
/wp-content/plugins/cf7-mailchimp/js/frontend.js
Version Parameters
cf7-mailchimp/css/style.css?ver=
cf7-mailchimp/js/admin.js?ver=
cf7-mailchimp/js/frontend.js?ver=
cf7-mailchimp/css/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
vx_cf7_mailchimp_wrap
crmperks-notices
vxcf_mailchimp_menu
vx_cf7_mailchimp
Data Attributes
data-cf7-mailchimp-settings
JS Globals
vxcf_mailchimp_admin_obj
vx_cf7_mailchimp_vars
REST Endpoints
/wp-json/cf7-mailchimp/v1/get_forms