[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQLQNozglhwaYWXiTSDbroZaVSfCq9Fpv60zVdcAkG0M":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":89,"crawl_stats":38,"alternatives":95,"analysis":196,"fingerprints":609},"cf7-message-filter","Message Filter for Contact Form 7","1.6.3.8","Kofi Mokome","https:\u002F\u002Fprofiles.wordpress.org\u002Fkofimokome\u002F","\u003Cp>Do you receive spams every day? have you installed a dozen plugins and you still get spammed? Well this may be the solution to your problem.\u003Cbr \u002F>\nThis plugin filters messages submitted from contact form 7. You can decide to either filter messages based on restricted words found in the content of the message or filter based on the email of the person submitting the form.\u003Cbr \u002F>\nFilters will be extended to other contact form plugins with time.\u003C\u002Fp>\n\u003Ch3>Supported Plugins\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Contact form 7\u003C\u002Fli>\n\u003Cli>WPForms\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Note: This is just an extension. This plugin is not affiliated with or endorsed by Contact Form 7 or WPForms.\u003C\u002Fp>\n\u003Ch3>Pro Features\u003C\u002Fh3>\n\u003Cp>Upgrade to the pro version from the Account submenu page to have access the following features:\u003Cbr \u002F>\n1. Unlimited words and emails: Add as many words and emails as you want\u003Cbr \u002F>\n2. Month Reports: Receive monthly spam reports directly to your email\u003Cbr \u002F>\n3. Spam Suggestion: Receive suggestions for new spam words and emails\u003Cbr \u002F>\n4. Blacklist\u002FWhitelist forms: Decide which forms to validate or not to validate\u003Cbr \u002F>\n5. CSV Upload: Upload CSV with spam words\u002Femails\u003Cbr \u002F>\n6. Add custom filters: Create your own custom filters\u003C\u002Fp>\n\u003Ch3>PRIVACY\u003C\u002Fh3>\n\u003Cp>We may collect ONLY the following information, if accepted by the site administrator:\u003Cbr \u002F>\n– The messages blocked by the plugin and\u003Cbr \u002F>\n– Words added to the plugin as spam\u003Cbr \u002F>\nThis is used solely for the purpose of making improvements to the plugin.\u003C\u002Fp>\n\u003Cp>In addition to the above, Freemius, a third party plugin used to manage plugin licences may also collect additional information, if the site administrator accepts.\u003C\u002Fp>\n\u003Ch3>How to Contribute\u003C\u002Fh3>\n\u003Cp>The source codes can be downloaded here \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkofimokome\u002Fcf7-message-filter\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fp>\n","Filter messages submitted through contact form 7 based on words and\u002For emails listed as restricted.",1000,48557,98,13,"2025-10-25T13:35:00.000Z","6.8.5","6.6","8.0",[20,21,22,23,24],"contact-form-7","filter","spam","spam-filter","wpforms","https:\u002F\u002Fgithub.com\u002Fkofimokome\u002Fcf7-message-filter","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcf7-message-filter.1.6.3.8.zip",96,4,0,"2025-04-22 00:00:00","2026-03-15T15:16:48.613Z",[33,49,64,74],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2025-46252","message-filter-for-contact-form-7-authenticated-administrator-sql-injection","Message Filter for Contact Form 7 \u003C= 1.6.3.2 - Authenticated (Administrator+) SQL Injection","The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.6.3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",null,"\u003C=1.6.3.2","1.6.33","medium",4.9,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2025-04-30 20:32:00",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F8c046bf6-bc0d-45b1-9424-316ae6a01a3d?source=api-prod",9,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":41,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":59,"updated_date":60,"references":61,"days_to_patch":63},"CVE-2024-12026","message-filter-for-contact-form-7-missing-authorization-to-authenticated-subscriber-new-filter-creation","Message Filter for Contact Form 7 \u003C= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) New Filter Creation","The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveFilter() function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new filters. CVE-2024-54254 may be a duplicate of this CVE.","\u003C=1.6.3","1.6.3.1",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2024-12-06 12:01:13","2024-12-12 13:50:39",[62],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7e7044aa-a1e7-4b1d-9f50-5e250426c6b0?source=api-prod",6,{"id":65,"url_slug":66,"title":67,"description":68,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":41,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":69,"updated_date":70,"references":71,"days_to_patch":73},"CVE-2024-12027","message-filter-for-contact-form-7-missing-authorization-to-authenticated-subscriber-filter-updatesdeletions","Message Filter for Contact Form 7 \u003C= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Filter Updates\u002FDeletions","The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateFilter() and deleteFilter() functions in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update and delete filters.","2024-12-05 19:52:04","2024-12-10 14:26:02",[72],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5754d2eb-dd31-4056-8a02-8b71b78f774b?source=api-prod",5,{"id":75,"url_slug":76,"title":77,"description":78,"plugin_slug":4,"theme_slug":38,"affected_versions":79,"patched_in_version":80,"severity":41,"cvss_score":81,"cvss_vector":82,"vuln_type":83,"published_date":84,"updated_date":85,"references":86,"days_to_patch":88},"CVE-2024-39647","message-filter-for-contact-form-7-reflected-cross-site-scripting","Message Filter for Contact Form 7 \u003C= 1.6.1.1 - Reflected Cross-Site Scripting","The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'form' parameter in all versions up to, and including, 1.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=1.6.1.1","1.6.2",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-08-01 00:00:00","2024-08-07 16:47:41",[87],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F31ed0d2a-94bc-4526-9d21-6f2f544696d2?source=api-prod",7,{"slug":90,"display_name":7,"profile_url":8,"plugin_count":91,"total_installs":92,"avg_security_score":93,"avg_patch_time_days":88,"trust_score":93,"computed_at":94},"kofimokome",3,1400,99,"2026-04-04T05:52:32.726Z",[96,120,141,158,176],{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":27,"num_ratings":106,"last_updated":107,"tested_up_to":16,"requires_at_least":108,"requires_php":109,"tags":110,"homepage":115,"download_link":116,"security_score":117,"vuln_count":118,"unpatched_count":29,"last_vuln_date":119,"fetched_at":31},"antispam-bee","Antispam Bee","2.11.8","pluginkollektiv","https:\u002F\u002Fprofiles.wordpress.org\u002Fpluginkollektiv\u002F","\u003Cp>Say Goodbye to comment spam on your WordPress blog or website. \u003Cem>Antispam Bee\u003C\u002Fem> blocks spam comments and trackbacks effectively, without captchas and without sending personal information to third party services. It is free of charge, ad-free and 100% GDPR compliant.\u003C\u002Fp>\n\u003Ch3>Feature\u002FSettings Overview\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Trust approved commenters.\u003C\u002Fli>\n\u003Cli>Trust commenters with a Gravatar.\u003C\u002Fli>\n\u003Cli>Consider the comment time.\u003C\u002Fli>\n\u003Cli>Allow comments only in a certain language.\u003C\u002Fli>\n\u003Cli>Block or allow commenters from certain countries.\u003C\u002Fli>\n\u003Cli>Treat BBCode links as spam.\u003C\u002Fli>\n\u003Cli>Use regular expressions.\u003C\u002Fli>\n\u003Cli>Search local spam database for commenters previously marked as spammers.\u003C\u002Fli>\n\u003Cli>Notify admins by e-mail about incoming spam.\u003C\u002Fli>\n\u003Cli>Delete existing spam after n days.\u003C\u002Fli>\n\u003Cli>Limit approval to comments\u002Fpings (will delete other comment types).\u003C\u002Fli>\n\u003Cli>Select spam indicators to send comments to deletion directly.\u003C\u002Fli>\n\u003Cli>Optionally exclude trackbacks and pingbacks from spam detection.\u003C\u002Fli>\n\u003Cli>Optionally spam-check comment forms on archive pages.\u003C\u002Fli>\n\u003Cli>Display spam statistics on the dashboard, including daily updates of spam detection rate and a total of blocked spam comments.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Community support via the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fantispam-bee\" rel=\"ugc\">support forums on wordpress.org\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Read \u003Ca href=\"https:\u002F\u002Fantispambee.pluginkollektiv.org\u002Fdocumentation\u002F\" rel=\"nofollow ugc\">the documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>We don’t handle support via e-mail, Twitter, GitHub issues etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Active development of this plugin is handled \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpluginkollektiv\u002Fantispam-bee\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Pull requests for documented bugs are highly appreciated.\u003C\u002Fli>\n\u003Cli>If you think you’ve found a bug (e.g. you’re experiencing unexpected behavior), please post at the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fantispam-bee\" rel=\"ugc\">support forums\u003C\u002Fa> first.\u003C\u002Fli>\n\u003Cli>If you want to help us translate this plugin you can do so \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fantispam-bee\" rel=\"nofollow ugc\">on WordPress Translate\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Author: \u003Ca href=\"https:\u002F\u002Fsergejmueller.github.io\u002F\" rel=\"nofollow ugc\">Sergej Müller\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Maintainers: \u003Ca href=\"https:\u002F\u002Fpluginkollektiv.org\" rel=\"nofollow ugc\">pluginkollektiv\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Sophisticated antispam plugin for effective daily comment and trackback spam-fighting. Built with data protection and privacy in mind.",700000,10958057,225,"2025-07-22T11:23:00.000Z","4.6","5.2",[111,112,113,23,114],"anti-spam","antispam","comments","spam-protection","https:\u002F\u002Fantispambee.pluginkollektiv.org\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fantispam-bee.2.11.8.zip",100,1,"2023-11-27 00:00:00",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":130,"num_ratings":131,"last_updated":132,"tested_up_to":133,"requires_at_least":134,"requires_php":135,"tags":136,"homepage":139,"download_link":140,"security_score":117,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"contact-form-7-image-captcha","Image CAPTCHA for Contact Form 7 and WPForms by HookAndHook (DSGVO\u002FGDPR)","3.3.28","hookandhook","https:\u002F\u002Fprofiles.wordpress.org\u002Fhookandhook\u002F","\u003Cp>Add an SVG image captcha and honeypot to your Contact Form 7 or WPForms form. Based on our interpretation this CAPTCHA plugin is GDPR compliant because the images are inline SVGs and no download of external resources happens, in addition no cookies or other storing mechanisms are used on the user’s device, this plugin will not slow down your site with additional header requests like Google’s ReCAPTCHA and respects your users privacy.\u003C\u002Fp>\n\u003Ch4>Directions [PLEASE READ]\u003C\u002Fh4>\n\u003Cp>Contact Form 7:\u003Cbr \u002F>\nAdd the shortcode [cf7ic] to the form editor where you want the CAPTCHA to appear.\u003C\u002Fp>\n\u003Cp>You can hide the CAPTCHA until a user interacts with the form, by adding “toggle” to the shortcode: [cf7ic “toggle”]\u003C\u002Fp>\n\u003Cp>WPForms:\u003Cbr \u002F>\nJust activate the CAPTCHA for WPForms on the plugin’s settings page.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Like the plugin?\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cstrong>Please consider leaving a review.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>As of version 3.2.0, \u003Cstrong>Contact Form 7 Conditional Fields\u003C\u002Fstrong> is now fully supported! You no longer need to add \u003Ccode>[hidden kc_captcha \"kc_human\"]\u003C\u002Fcode> to forms that do not include the [cf7ic] shortcode.\u003C\u002Fp>\n\u003Ch3>Go Pro!\u003C\u002Fh3>\n\u003Cp>Get even better spam protection with the All-in-one Image CAPTCHA Pro version of this plugin which includes additional options to improve spam protection, options to control the look and style of the CAPTCHA and messages, additional forms support including login screens, gravity forms, WooCommerce and more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>PRO Demo\u003C\u002Fstrong>\u003Cbr \u002F>\nSee the Pro version in action on my \u003Ca href=\"https:\u002F\u002Fwpimagecaptcha.com\u002Fcontact\u002F?utm_source=wp_readme&utm_medium=wp_readme&wp_campaign=readme\" rel=\"nofollow ugc\">contact page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Check out our \u003Ca href=\"https:\u002F\u002Fwpimagecaptcha.com\u002Fdownloads\u002Fpro-plugin\u002F?utm_source=wp_readme&utm_medium=wp_readme&wp_campaign=readme\" rel=\"nofollow ugc\">pro version\u003C\u002Fa> for more details.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>PRO Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>GDPR compliant\u003C\u002Fli>\n\u003Cli>ADA\u002Fa11y\u002FWCAG compliant\u003C\u002Fli>\n\u003Cli>Gravity Forms support\u003C\u002Fli>\n\u003Cli>WooCommerce support for login, registration and checkout forms (optional)\u003C\u002Fli>\n\u003Cli>WordPress login\u002Fregistration form support (optional)\u003C\u002Fli>\n\u003Cli>Default WordPress comment support\u003C\u002Fli>\n\u003Cli>Customize the look of the WordPress login\u002Fregistration screen and form\u003C\u002Fli>\n\u003Cli>CAPTCHA refreshes on submit to make it harder for automated spammers\u003C\u002Fli>\n\u003Cli>Reverse honeypot which checks if you are human through form engagement\u003C\u002Fli>\n\u003Cli>Stronger security with hashed answers to make it harder for automated spammers to read the answers\u003C\u002Fli>\n\u003Cli>Add additional icons to increase the chances of a random guess getting through. You can increase it from a 1 and 3 chance all the way up to a 1 in 10 chance! \u003C\u002Fli>\n\u003Cli>Select which icons you wish to use\u003C\u002Fli>\n\u003Cli>Add additional icons from Font Awesome 4.7\u003C\u002Fli>\n\u003Cli>Add your own custom SVG icons\u003C\u002Fli>\n\u003Cli>Customize the icon titles\u003C\u002Fli>\n\u003Cli>Change the captcha message\u003C\u002Fli>\n\u003Cli>Change the captcha errors\u003C\u002Fli>\n\u003Cli>Change the box color and border\u003C\u002Fli>\n\u003Cli>Change font and icon color and size independently\u003C\u002Fli>\n\u003Cli>Change the selected icon appearance\u003C\u002Fli>\n\u003Cli>Change where the icons appear\u003C\u002Fli>\n\u003Cli>Change the box from full width to content width\u003C\u002Fli>\n\u003Cli>jQuery free on the front end\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpimagecaptcha.com\u002Fdownloads\u002Fpro-plugin\u002F?utm_source=wp_readme&utm_medium=wp_readme&wp_campaign=readme\" rel=\"nofollow ugc\">Go Pro!\u003C\u002Fa>\u003C\u002Fp>\n","Adds an Image CAPTCHA to Contact Form 7 and WPForms, GDPR ready, perfect WPForms or Contact Form 7 Spam Protection Image CAPTCHA, adds a honeypot",80000,1519968,94,49,"2025-12-10T06:28:00.000Z","6.9.4","4.7","7.0",[137,20,138,22,24],"captcha","gdpr","https:\u002F\u002Fwpimagecaptcha.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontact-form-7-image-captcha.3.3.28.zip",{"slug":142,"name":143,"version":144,"author":145,"author_profile":146,"description":147,"short_description":148,"active_installs":11,"downloaded":149,"rating":117,"num_ratings":150,"last_updated":151,"tested_up_to":133,"requires_at_least":152,"requires_php":153,"tags":154,"homepage":156,"download_link":157,"security_score":117,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"fullworks-anti-spam","Stop Contact Form 7 Spam & WPForms Spam – Free Protection","2.6.1","fullworks","https:\u002F\u002Fprofiles.wordpress.org\u002Ffullworks\u002F","\u003Cp>\u003Cstrong>Is Contact Form 7 spam destroying your mornings?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Every day, the same nightmare: dozens of fake submissions, worried you’ll miss real customers, and other plugins want $60\u002Fyear just for basic protection.\u003C\u002Fp>\n\u003Cp>This free plugin ends that nightmare today.\u003C\u002Fp>\n\u003Ch4>What Gets Protected (FREE)\u003C\u002Fh4>\n\u003Cp>✅ \u003Cstrong>Contact Form 7\u003C\u002Fstrong> – Block bot spam automatically\u003Cbr \u002F>\n✅ \u003Cstrong>WPForms Lite & Pro\u003C\u002Fstrong> – Stop automated submissions\u003Cbr \u002F>\n✅ \u003Cstrong>Jetpack Contact Forms\u003C\u002Fstrong> – Filter bot spam instantly\u003Cbr \u002F>\n✅ \u003Cstrong>Fluent Forms\u003C\u002Fstrong> – Eliminate bot attacks\u003Cbr \u002F>\n✅ \u003Cstrong>SureForms\u003C\u002Fstrong> – Block bot spam submissions\u003Cbr \u002F>\n✅ \u003Cstrong>WordPress Comments\u003C\u002Fstrong> – Clean comment spam from badbots\u003Cbr \u002F>\n✅ \u003Cstrong>Business sites included\u003C\u002Fstrong> – No commercial fees ever\u003C\u002Fp>\n\u003Cp>Works immediately after activation. No configuration. No learning curve. No monthly costs.\u003C\u002Fp>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>3 Steps to Spam-Free Contact Forms:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Install\u003C\u002Fstrong> – Search “Contact Form 7 spam” in your WordPress dashboard\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activate\u003C\u002Fstrong> – One click to turn on protection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Relax\u003C\u002Fstrong> – Your Contact Form 7 and WPForms and others are now protected from bots\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>The moment you activate, spam bots are automatically blocked on all your forms and comments. No settings to configure. No technical knowledge required. No ongoing maintenance.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Most users report 95-100% spam reduction within the first 24 hours.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Tomorrow morning, check your inbox. Instead of dozens of spam submissions, you’ll see only real customer inquiries. That’s the peace of mind this plugin delivers.\u003C\u002Fp>\n\u003Ch4>Why Contact Form 7 Needs This\u003C\u002Fh4>\n\u003Cp>Contact Form 7 is WordPress’s most popular form plugin with over 5 million active installations. It’s lightweight, flexible, and completely free.\u003C\u002Fp>\n\u003Cp>But it doesn’t include spam protection.\u003C\u002Fp>\n\u003Cp>Without protection, Contact Form 7 sites get hammered. Bot networks discover unprotected forms and flood them with submissions. Your inbox fills with junk. You waste time sorting real inquiries from spam. Worse, you risk missing legitimate customers buried in the noise.\u003C\u002Fp>\n\u003Cp>This plugin fixes that problem. For free. Forever.\u003C\u002Fp>\n\u003Ch4>Free vs Pro: What You Get\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>FREE Version (Most Sites Need Only This):\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ Contact Form 7 bot spam blocked\u003Cbr \u002F>\n✅ WPForms automated spam stopped\u003Cbr \u002F>\n✅ Jetpack forms protected\u003Cbr \u002F>\n✅ Fluent Forms secured\u003Cbr \u002F>\n✅ SureForms protected\u003Cbr \u002F>\n✅ WordPress comment spam eliminated\u003Cbr \u002F>\n✅ Works on business\u002Fcommercial sites\u003Cbr \u002F>\n✅ Spam statistics dashboard\u003C\u002Fp>\n\u003Cp>Automated bots cause 95%+ of spam. The free version handles this completely.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>PRO Version (For Advanced Needs):\u003C\u002Fstrong>\u003Cbr \u002F>\n⚡ AI-powered human spam detection\u003Cbr \u002F>\n⚡ Gravity Forms integration\u003Cbr \u002F>\n⚡ WooCommerce registration protection\u003Cbr \u002F>\n⚡ Email quarantine for review\u003Cbr \u002F>\n⚡ Custom IP blocklists\u003Cbr \u002F>\n⚡ Allow\u002Fdeny pattern rules\u003Cbr \u002F>\n⚡ Priority support\u003C\u002Fp>\n\u003Cp>Most Contact Form 7 users never need Pro. But if you’re getting manually-typed spam or need enterprise features, Pro has you covered.\u003C\u002Fp>\n\u003Ch4>Why This Works Better Than CAPTCHA\u003C\u002Fh4>\n\u003Cp>CAPTCHA makes your visitors prove they’re human by solving puzzles. It’s annoying, hurts conversions, and still lets some spam through.\u003C\u002Fp>\n\u003Cp>This plugin takes a smarter approach:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Invisible honeypot fields\u003C\u002Fstrong> – Bots can’t resist filling hidden fields that humans never see\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Timing analysis\u003C\u002Fstrong> – Bots submit forms instantly; real people don’t\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Behavioral fingerprinting\u003C\u002Fstrong> – Bot patterns are detectable and consistent\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No user friction\u003C\u002Fstrong> – Your visitors never know the protection exists\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightning fast\u003C\u002Fstrong> – All processing happens locally on your server\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Your Contact Form 7 stays fast. Your conversion rates stay high. Spam disappears.\u003C\u002Fp>\n\u003Cp>It just works. Quietly. Effectively. Completely free.\u003C\u002Fp>\n\u003Ch4>Common Questions Answered\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>“Will this work with my existing Contact Form 7 setup?”\u003C\u002Fstrong>\u003Cbr \u002F>\nYes. It integrates automatically with all CF7 configurations, custom fields, and extensions. Nothing breaks. Spam just stops.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>“I’m not technical. Can I install this?”\u003C\u002Fstrong>\u003Cbr \u002F>\nIf you can install a WordPress plugin, you can use this. There’s literally nothing to configure. Install, activate, done.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>“What about sites that aren’t in English?”\u003C\u002Fstrong>\u003Cbr \u002F>\nWorks perfectly on all languages. The spam detection doesn’t depend on language – it detects bot behavior patterns.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>“My site sells products. Do I have to pay?”\u003C\u002Fstrong>\u003Cbr \u002F>\nNo. Unlike some popular anti-spam solutions that charge business sites, this is free for commercial use. No exceptions. No hidden fees.\u003C\u002Fp>\n\u003Ch4>Ready to Stop Contact Form 7 Spam?\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Installation takes 30 seconds:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>In your WordPress dashboard, go to Plugins \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Add New\u003C\u002Fli>\n\u003Cli>Search for “Contact Form 7 spam”\u003C\u002Fli>\n\u003Cli>Click Install, then Activate\u003C\u002Fli>\n\u003Cli>Done – your forms are now protected\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Check your email tomorrow. Enjoy the silence.\u003C\u002Fp>\n\u003Cp>For detailed statistics and settings, visit Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Anti Spam after activation.\u003C\u002Fp>\n\u003Ch3>Go Pro\u003C\u002Fh3>\n\u003Cp>Most Contact Form 7 users never need Pro – the free version eliminates their spam problem completely.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>But if you need advanced protection, Pro delivers:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>AI-Powered Human Spam Detection\u003C\u002Fstrong> – Stop manually-typed spam that gets past basic filters\u003Cbr \u002F>\n✅ \u003Cstrong>Gravity Forms Integration\u003C\u002Fstrong> – Complete protection for premium form users\u003Cbr \u002F>\n✅ \u003Cstrong>WooCommerce Registration Blocking\u003C\u002Fstrong> – Stop fake account spam\u003Cbr \u002F>\n✅ \u003Cstrong>Email Quarantine\u003C\u002Fstrong> – Review and rescue any legitimate messages caught by mistake\u003Cbr \u002F>\n✅ \u003Cstrong>Custom Allow\u002FDeny Rules\u003C\u002Fstrong> – Block specific IPs, patterns, or keywords\u003Cbr \u002F>\n✅ \u003Cstrong>IP Blocklist Checking\u003C\u002Fstrong> – Automatic blocking of known spam networks\u003Cbr \u002F>\n✅ \u003Cstrong>Priority Support\u003C\u002Fstrong> – Get help directly from the developers\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Perfect for:\u003C\u002Fstrong>\u003Cbr \u002F>\n– High-traffic sites getting manually-entered spam\u003Cbr \u002F>\n– Agencies managing multiple client installations\u003Cbr \u002F>\n– Enterprise sites requiring advanced controls\u003Cbr \u002F>\n– Gravity Forms and WooCommerce users\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffullworksplugins.com\u002Fproducts\u002Fanti-spam\u002F\" rel=\"nofollow ugc\">Start Your Free 14-Day Pro Trial\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Try Pro features risk-free. No credit card required. If it’s not worth it, just let the trial expire. No pressure, no hassle.\u003C\u002Fp>\n","Stop Contact Form 7 spam and WPForms spam instantly. Free spam protection for business sites. No CAPTCHA. No API keys. Just works.",56605,11,"2025-11-15T00:09:00.000Z","5.3.0","7.4",[111,155,20,114,24],"cf7","https:\u002F\u002Ffullworksplugins.com\u002Fproducts\u002Fanti-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffullworks-anti-spam.2.6.1.zip",{"slug":159,"name":160,"version":161,"author":162,"author_profile":163,"description":164,"short_description":165,"active_installs":166,"downloaded":167,"rating":29,"num_ratings":29,"last_updated":168,"tested_up_to":16,"requires_at_least":17,"requires_php":169,"tags":170,"homepage":174,"download_link":175,"security_score":117,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"spam-filter-for-elementor-form","Spam Filter For Elementor Form","1.4","wizbee IT","https:\u002F\u002Fprofiles.wordpress.org\u002Fwizbee\u002F","\u003Cp>Tired of spammy SEO pitches, fake marketing offers, and bot submissions flooding your Elementor Pro forms? By filtering only the message field, you can eliminate up to 95% spam submissions.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Spam Filter For Elementor Form\u003C\u002Fstrong> do that and gives you the control you need to stop them, without relying on external services.\u003C\u002Fp>\n\u003Cp>This plugin filters the input field of your forms to block submissions containing unwanted words, suspicious URLs, or emails from unauthorized domains. You can block all URLs except those from your domain or specific domains you allow. If someone tries to submit a form with a disallowed link, they’ll see a clear error message asking them to remove it.\u003C\u002Fp>\n\u003Cp>Here’s the beauty of it: real visitors who want to share something useful will usually say, “I have a link to share, can you contact me so I can send it?” Spam bots, on the other hand, just drop links and hit submit. That’s where this filter stops them.\u003C\u002Fp>\n\u003Cp>Whether you want to block certain phrases, links, or reject emails from shady domains, this plugin lets you do it easily, right from the WordPress dashboard.\u003C\u002Fp>\n\u003Ch3>Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>Enable or disable filtering for specific or all Elementor Pro forms.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Block messages that contain specific words or patterns.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Reject any submission containing links—except those from allowed domains.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Block or allow email addresses based on domain (whitelist or blocklist mode).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Custom error messages shown directly inside the form.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>No third-party services or APIs—fully local and lightweight.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Built exclusively for Elementor Pro forms.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Perfect for any site owner who’s fed up with form spam and wants a simple, effective way to stop it.\u003C\u002Fp>\n\u003Ch3>How to Use:\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Enable Filtering:\u003C\u002Fstrong>\u003Cbr \u002F>\nGo to \u003Cstrong>Elementor \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Contact Form Filter\u003C\u002Fstrong> and check the “Enable Spam Filter” option.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Target the Right Form:\u003C\u002Fstrong>\u003Cbr \u002F>\nEnter the name of the form you want to filter in the “Form Name” setting. This must match the “Form Name” from your Elementor Pro form settings.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Set Blocked Words:\u003C\u002Fstrong>\u003Cbr \u002F>\nAdd a list of blocked words (one per line). Any form submission containing these words will be rejected.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Filter URLs:\u003C\u002Fstrong>\u003Cbr \u002F>\nOnly allow URLs from specific domains. Other links will trigger a validation error.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Control Email Domains:\u003C\u002Fstrong>\u003Cbr \u002F>\nEnable email filtering and choose between whitelist or blocklist mode. Add domains or full email addresses to control who can submit the form.\u003C\u002Fp>\n\u003Ch3>Enjoying the Plugin?\u003C\u002Fh3>\n\u003Cp>If you find \u003Cstrong>Spam Filter For Elementor Form\u003C\u002Fstrong> helpful, please consider leaving a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Felementor-form-spam-filter\u002F#reviews\" rel=\"ugc\">review on WordPress.org\u003C\u002Fa>. Your feedback helps us improve and reach more users.\u003C\u002Fp>\n\u003Ch3>Other useful and absolutely free plugins from WizBee IT\u003C\u002Fh3>\n\u003Cblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-duplicate-woo-order\u002F\" rel=\"ugc\">Easy Duplicate Woo Order\u003C\u002Fa>: Adds a custom action to duplicate WooCommerce orders easily.\u003Cbr \u002F>\n  \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-product-in-woo-order\u002F\" rel=\"ugc\">Custom Product in Woo Order\u003C\u002Fa>: Add custom one-time items directly to WooCommerce orders without adding them to the catalog.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Visit our website for more at \u003Ca href=\"https:\u002F\u002Fwww.wizbeeit.com\u002F\" rel=\"nofollow ugc\">WizBee IT\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later license. For more information, see https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html.\u003C\u002Fp>\n","A simple yet powerful plugin that adds advanced spam and content filtration to your Elementor Pro forms.",90,421,"2025-07-24T16:06:00.000Z","7.8",[111,171,172,23,173],"block-spam","elementor-pro-form","word-filter","https:\u002F\u002Fwww.wizbeeit.com\u002Fspam-filter-for-elementor-form\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspam-filter-for-elementor-form.1.4.zip",{"slug":177,"name":178,"version":179,"author":180,"author_profile":181,"description":182,"short_description":183,"active_installs":184,"downloaded":185,"rating":186,"num_ratings":118,"last_updated":187,"tested_up_to":188,"requires_at_least":189,"requires_php":190,"tags":191,"homepage":193,"download_link":194,"security_score":195,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"squelch-unspam","Squelch Unspam","1.5.1","Matt Lowe","https:\u002F\u002Fprofiles.wordpress.org\u002Fsquelch\u002F","\u003Cp>Unspam by Squelch Design is the simplest \u003Ca href=\"http:\u002F\u002Fsquelchdesign.com\u002Fwordpress-plugin-squelch-unspam\u002F\" rel=\"nofollow ugc\">WordPress anti-spam plugin\u003C\u002Fa> you can find for \u003Cstrong>reducing your comment spam\u003C\u002Fstrong> problem. Once installed there’s nothing\u003Cbr \u002F>\nto configure, and nothing changes to your visitors: No captcha or silly games. Once installed\u003Cbr \u002F>\nthe plugin will simply randomize the names of the fields in the comments form on your blog and reject comments that are sent to the\u003Cbr \u002F>\nstandard WordPress field names, or where bots have blindly submitted data to the honeypot fields.\u003C\u002Fp>\n\u003Cp>What this means for spammers is that they have to do quite a lot more work to send spam to your website. It may also make sending\u003Cbr \u002F>\nspam to your website unreliable as changes to your theme may upset their spam submission tools. Or they may have to resort to using\u003Cbr \u002F>\nhumans to send spam to your website (not much I can do about that I’m afraid) which will cost them more money.\u003C\u002Fp>\n\u003Cp>Currently implemented:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Names of fields are randomized every night at 12:00,\u003C\u002Fli>\n\u003Cli>Submissions to the standard WordPress field names are automatically deleted,\u003C\u002Fli>\n\u003Cli>Honeypot fields added to comments form,\u003C\u002Fli>\n\u003Cli>WooCommerce support.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Additional (planned) features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Contact Form 7 integration\u003C\u002Fli>\n\u003Cli>Statistical collection,\u003C\u002Fli>\n\u003Cli>Automated blocking of persistent IPs,\u003C\u002Fli>\n\u003Cli>Opt-in centralized collection of comment spam and statistics for additional research.\u003C\u002Fli>\n\u003C\u002Ful>\n","Unspam makes it harder for spammers to automatedly send spam to your blog by changing the names of the fields in the comment forms.",50,3844,60,"2024-04-10T11:08:00.000Z","6.5.8","4.4","",[192,113,21,22,23],"comment-spam-filter","http:\u002F\u002Fsquelchdesign.com\u002Fwordpress-plugin-squelch-unspam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsquelch-unspam.1.5.1.zip",92,{"attackSurface":197,"codeSignals":357,"taintFlows":551,"riskAssessment":597,"analyzedAt":608},{"hooks":198,"ajaxHandlers":300,"restRoutes":353,"shortcodes":354,"cronEvents":355,"entryPointCount":356,"unprotectedCount":118},[199,205,210,214,219,223,226,230,235,241,245,249,252,256,259,263,266,270,274,277,279,282,285,289,291,293,296],{"type":200,"name":201,"callback":202,"file":203,"line":204},"action","after_uninstall","km_message_filter\\KMCF7Uninstall","cf7-message-filter.php",68,{"type":200,"name":206,"callback":207,"priority":208,"file":203,"line":209},"admin_notices","km_message_filter\\KMCF7ErrorNotice",10,101,{"type":200,"name":211,"callback":212,"file":203,"line":213},"init","closure",192,{"type":200,"name":215,"callback":216,"file":217,"line":218},"admin_enqueue_scripts","addAdminScripts","core\\KMCFMessageFilter.php",61,{"type":200,"name":220,"callback":221,"file":217,"line":222},"wp_enqueue_scripts","addScripts",62,{"type":200,"name":206,"callback":224,"file":217,"line":225},"dataCollectionNotice",63,{"type":21,"name":227,"callback":212,"file":228,"line":229},"kmcf7_requires_filter","core\\requires.php",8,{"type":21,"name":231,"callback":232,"file":233,"line":234},"kmcf7_includes_filter","km_message_filter\\addModels","models\\includes.php",19,{"type":21,"name":236,"callback":237,"priority":238,"file":239,"line":240},"wpcf7_skip_mail","skipMail",999,"modules\\contactform7\\ContactForm7Module.php",381,{"type":21,"name":242,"callback":243,"priority":238,"file":239,"line":244},"wpcf7_flamingo_submit_if","bypassFlamingo",387,{"type":21,"name":246,"callback":247,"priority":208,"file":239,"line":248},"wpcf7_validate_email","emailValidationFilter",397,{"type":21,"name":250,"callback":247,"priority":208,"file":239,"line":251},"wpcf7_validate_email*",403,{"type":21,"name":253,"callback":254,"priority":208,"file":239,"line":255},"wpcf7_validate_textarea","textareaValidationFilter",411,{"type":21,"name":257,"callback":254,"priority":208,"file":239,"line":258},"wpcf7_validate_textarea*",417,{"type":21,"name":260,"callback":261,"priority":238,"file":239,"line":262},"wpcf7_validate_text","textValidationFilter",423,{"type":21,"name":264,"callback":261,"priority":238,"file":239,"line":265},"wpcf7_validate_text*",429,{"type":21,"name":267,"callback":268,"file":269,"line":186},"kmcf7_sub_menu_pages_filter","addSubMenuPage","modules\\dashboard\\DashboardModule.php",{"type":21,"name":271,"callback":212,"priority":208,"file":272,"line":273},"http_request_timeout","modules\\data_collection\\DataCollectionModule.php",127,{"type":21,"name":275,"callback":212,"priority":208,"file":272,"line":276},"https_ssl_verify",135,{"type":21,"name":231,"callback":212,"file":278,"line":48},"modules\\includes.php",{"type":21,"name":267,"callback":268,"file":280,"line":281},"modules\\messages\\MessagesModule.php",682,{"type":21,"name":267,"callback":268,"file":283,"line":284},"modules\\settings\\SettingsModule.php",554,{"type":21,"name":286,"callback":247,"priority":238,"file":287,"line":288},"wpforms_process_initial_errors","modules\\wpforms\\WpFormsModule.php",401,{"type":21,"name":286,"callback":261,"priority":238,"file":287,"line":290},409,{"type":21,"name":286,"callback":254,"priority":238,"file":287,"line":292},415,{"type":200,"name":294,"callback":237,"priority":238,"file":287,"line":295},"wpforms_disable_all_emails",426,{"type":200,"name":297,"callback":298,"priority":238,"file":287,"line":299},"wpforms_entry_email_atts","removeEmailAddress",432,[301,307,312,316,320,324,328,332,336,340,344,348],{"action":302,"nopriv":303,"callback":304,"hasNonce":305,"hasCapCheck":303,"file":272,"line":306},"kmcfmf_dismiss_data_collection_notice",false,"dismissDataCollectionNotice",true,323,{"action":308,"nopriv":303,"callback":309,"hasNonce":305,"hasCapCheck":305,"file":310,"line":311},"kmcfmf_delete_filter","deleteFilter","modules\\filters\\FiltersModule.php",211,{"action":313,"nopriv":303,"callback":314,"hasNonce":305,"hasCapCheck":305,"file":310,"line":315},"kmcfmf_update_filter","updateFilter",212,{"action":317,"nopriv":303,"callback":318,"hasNonce":305,"hasCapCheck":305,"file":310,"line":319},"kmcfmf_save_filter","saveFilter",213,{"action":321,"nopriv":303,"callback":322,"hasNonce":305,"hasCapCheck":305,"file":280,"line":323},"kmcf7_download_csv","downloadCSV",689,{"action":325,"nopriv":303,"callback":326,"hasNonce":305,"hasCapCheck":305,"file":280,"line":327},"kmcf7_messages","serverMessages",690,{"action":329,"nopriv":303,"callback":330,"hasNonce":305,"hasCapCheck":305,"file":280,"line":331},"kmcf7_delete_message","deleteMessage",691,{"action":333,"nopriv":303,"callback":334,"hasNonce":305,"hasCapCheck":305,"file":280,"line":335},"kmcf7_delete_all_messages","deleteAllMessages",692,{"action":337,"nopriv":303,"callback":338,"hasNonce":305,"hasCapCheck":305,"file":280,"line":339},"kmcf7_resubmit_message","resubmitMessage",693,{"action":341,"nopriv":303,"callback":342,"hasNonce":305,"hasCapCheck":305,"file":280,"line":343},"kmcf7_save_visible_columns","saveVisibleColumns",694,{"action":345,"nopriv":303,"callback":346,"hasNonce":303,"hasCapCheck":303,"file":283,"line":347},"kmcf7_clear_suggested_spam_words","clearSuggestedSpamWords",560,{"action":349,"nopriv":303,"callback":350,"hasNonce":305,"hasCapCheck":303,"file":351,"line":352},"kmcf7_get_stats","getStats","modules\\statistics\\StatisticsModule.php",158,[],[],[],12,{"dangerousFunctions":358,"sqlUsage":359,"outputEscaping":361,"fileOperations":118,"externalRequests":118,"nonceChecks":150,"capabilityChecks":48,"bundledLibraries":540},[],{"prepared":28,"raw":29,"locations":360},[],{"escaped":362,"rawEcho":363,"locations":364},75,91,[365,367,368,370,372,374,376,379,381,383,385,387,389,391,393,395,397,399,401,403,405,407,409,411,413,415,418,419,420,421,422,423,425,426,428,430,432,434,436,438,440,442,444,445,447,449,450,452,454,456,458,460,462,464,466,468,471,472,474,476,478,480,482,484,486,487,488,491,493,496,499,501,503,505,507,509,511,513,515,518,520,521,523,525,527,529,531,533,536,537,539],{"file":203,"line":130,"context":366},"raw output",{"file":217,"line":106,"context":366},{"file":217,"line":369,"context":366},252,{"file":217,"line":371,"context":366},268,{"file":217,"line":373,"context":366},283,{"file":217,"line":375,"context":366},311,{"file":377,"line":378,"context":366},"views\\dashboard\\index.php",37,{"file":377,"line":380,"context":366},53,{"file":377,"line":382,"context":366},67,{"file":377,"line":384,"context":366},105,{"file":377,"line":386,"context":366},111,{"file":377,"line":388,"context":366},119,{"file":377,"line":390,"context":366},125,{"file":377,"line":392,"context":366},133,{"file":377,"line":394,"context":366},142,{"file":377,"line":396,"context":366},161,{"file":377,"line":398,"context":366},327,{"file":377,"line":400,"context":366},334,{"file":377,"line":402,"context":366},440,{"file":377,"line":404,"context":366},446,{"file":377,"line":406,"context":366},463,{"file":377,"line":408,"context":366},468,{"file":410,"line":131,"context":366},"views\\mails\\index.php",{"file":410,"line":412,"context":366},51,{"file":410,"line":414,"context":366},66,{"file":416,"line":417,"context":366},"views\\messages\\list.php",55,{"file":416,"line":417,"context":366},{"file":416,"line":225,"context":366},{"file":416,"line":225,"context":366},{"file":416,"line":27,"context":366},{"file":416,"line":27,"context":366},{"file":416,"line":424,"context":366},97,{"file":416,"line":13,"context":366},{"file":416,"line":427,"context":366},113,{"file":416,"line":429,"context":366},150,{"file":416,"line":431,"context":366},151,{"file":416,"line":433,"context":366},152,{"file":416,"line":435,"context":366},153,{"file":416,"line":437,"context":366},154,{"file":416,"line":439,"context":366},156,{"file":416,"line":441,"context":366},157,{"file":416,"line":443,"context":366},187,{"file":416,"line":443,"context":366},{"file":416,"line":446,"context":366},231,{"file":416,"line":448,"context":366},235,{"file":416,"line":371,"context":366},{"file":416,"line":451,"context":366},270,{"file":416,"line":453,"context":366},275,{"file":416,"line":455,"context":366},277,{"file":416,"line":457,"context":366},278,{"file":416,"line":459,"context":366},318,{"file":416,"line":461,"context":366},359,{"file":416,"line":463,"context":366},375,{"file":416,"line":465,"context":366},435,{"file":416,"line":467,"context":366},489,{"file":469,"line":470,"context":366},"views\\messages\\message.php",39,{"file":469,"line":218,"context":366},{"file":469,"line":473,"context":366},82,{"file":469,"line":475,"context":366},83,{"file":469,"line":477,"context":366},84,{"file":469,"line":479,"context":366},109,{"file":469,"line":481,"context":366},162,{"file":483,"line":186,"context":366},"views\\settings\\contactform7.php",{"file":483,"line":485,"context":366},71,{"file":483,"line":473,"context":366},{"file":483,"line":388,"context":366},{"file":489,"line":490,"context":366},"views\\settings\\debug.php",73,{"file":489,"line":492,"context":366},77,{"file":494,"line":495,"context":366},"views\\settings\\extensions.php",21,{"file":497,"line":498,"context":366},"views\\settings\\my_filters.php",130,{"file":497,"line":500,"context":366},149,{"file":497,"line":502,"context":366},181,{"file":497,"line":504,"context":366},223,{"file":497,"line":506,"context":366},233,{"file":497,"line":508,"context":366},289,{"file":497,"line":510,"context":366},291,{"file":497,"line":512,"context":366},340,{"file":497,"line":514,"context":366},342,{"file":516,"line":517,"context":366},"views\\settings\\settings.php",88,{"file":516,"line":519,"context":366},103,{"file":516,"line":446,"context":366},{"file":516,"line":522,"context":366},253,{"file":516,"line":524,"context":366},265,{"file":516,"line":526,"context":366},280,{"file":516,"line":528,"context":366},292,{"file":516,"line":530,"context":366},341,{"file":516,"line":532,"context":366},368,{"file":534,"line":535,"context":366},"views\\settings\\wpforms.php",64,{"file":534,"line":362,"context":366},{"file":534,"line":538,"context":366},86,{"file":534,"line":427,"context":366},[541,544,547],{"name":542,"version":38,"knownCves":543},"DataTables",[],{"name":545,"version":38,"knownCves":546},"Select2",[],{"name":548,"version":549,"knownCves":550},"Freemius","1.0",[],[552,570,581],{"entryPoint":553,"graph":554,"unsanitizedCount":29,"severity":569},"\u003CMessagesModule> (modules\\messages\\MessagesModule.php:0)",{"nodes":555,"edges":567},[556,561],{"id":557,"type":558,"label":559,"file":280,"line":560},"n0","source","$_REQUEST",214,{"id":562,"type":563,"label":564,"file":280,"line":565,"wp_function":566},"n1","sink","update_option() [Settings Manipulation]",493,"update_option",[568],{"from":557,"to":562,"sanitized":305},"low",{"entryPoint":571,"graph":572,"unsanitizedCount":48,"severity":569},"\u003Clist> (views\\messages\\list.php:0)",{"nodes":573,"edges":579},[574,576],{"id":557,"type":558,"label":575,"file":416,"line":356},"$_GET (x9)",{"id":562,"type":563,"label":577,"file":416,"line":439,"wp_function":578},"echo() [XSS]","echo",[580],{"from":557,"to":562,"sanitized":303},{"entryPoint":582,"graph":583,"unsanitizedCount":596,"severity":569},"\u003Cmessage> (views\\messages\\message.php:0)",{"nodes":584,"edges":593},[585,587,589,591],{"id":557,"type":558,"label":586,"file":469,"line":73},"$_GET (x2)",{"id":562,"type":563,"label":577,"file":469,"line":588,"wp_function":578},44,{"id":590,"type":558,"label":586,"file":469,"line":73},"n2",{"id":592,"type":563,"label":577,"file":469,"line":218,"wp_function":578},"n3",[594,595],{"from":557,"to":562,"sanitized":305},{"from":590,"to":592,"sanitized":303},2,{"summary":598,"deductions":599},"The 'cf7-message-filter' plugin v1.6.3.8 presents a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and implementing nonce checks for a significant portion of its entry points. The absence of critical or high-severity vulnerabilities in its history and the fact that all past CVEs are patched are also encouraging signs.\n\nHowever, significant concerns arise from the static analysis. The presence of one AJAX handler without any authentication checks creates a direct pathway for unauthorized access or actions. Furthermore, the taint analysis revealed two flows with unsanitized paths, indicating potential vulnerabilities related to input handling, although these did not reach critical or high severity. The relatively low percentage of properly escaped output (45%) is also a concern, suggesting a higher risk of Cross-Site Scripting (XSS) vulnerabilities.\n\nThe plugin's vulnerability history, while currently clear of unpatched issues, shows a pattern of medium-severity vulnerabilities including SQL Injection, Missing Authorization, and XSS. This historical trend, coupled with the current static analysis findings, suggests that while the developers are responsive to patching, the codebase may have recurring weaknesses in input validation and authorization enforcement.",[600,602,604,606],{"reason":601,"points":208},"AJAX handler without authentication checks",{"reason":603,"points":229},"Taint flows with unsanitized paths",{"reason":605,"points":63},"Low percentage of properly escaped output",{"reason":607,"points":28},"Medium severity vulnerabilities in history","2026-03-16T18:43:23.277Z",{"wat":610,"direct":623},{"assetPaths":611,"generatorPatterns":616,"scriptPaths":617,"versionParams":618},[612,613,614,615],"\u002Fwp-content\u002Fplugins\u002Fcf7-message-filter\u002Fassets\u002Fcss\u002Ffrontend.css","\u002Fwp-content\u002Fplugins\u002Fcf7-message-filter\u002Fassets\u002Fcss\u002Fbackend.css","\u002Fwp-content\u002Fplugins\u002Fcf7-message-filter\u002Fassets\u002Fjs\u002Ffrontend.js","\u002Fwp-content\u002Fplugins\u002Fcf7-message-filter\u002Fassets\u002Fjs\u002Fbackend.js",[],[614,615],[619,620,621,622],"cf7-message-filter\u002Fassets\u002Fcss\u002Ffrontend.css?ver=","cf7-message-filter\u002Fassets\u002Fcss\u002Fbackend.css?ver=","cf7-message-filter\u002Fassets\u002Fjs\u002Ffrontend.js?ver=","cf7-message-filter\u002Fassets\u002Fjs\u002Fbackend.js?ver=",{"cssClasses":624,"htmlComments":626,"htmlAttributes":629,"restEndpoints":630,"jsGlobals":631,"shortcodeOutput":633},[625],"kmcfmf-spam-message",[627,628],"TODO: PLUGIN BIRTHDAY IS ON THE 30TH AUGUST 2018","TODO: for future use",[],[],[632],"kmcf7ms_fs",[]]