WP-Safety

Contact Form 7 Database & Mobile App – CF7 DB & App Security & Risk Analysis

wordpress.org/plugins/cf7-mobile-notification

This plugin allows you to store and receive via the App "CF7 Database & Contact Manager for Wordpress" Contact Form 7 form submissions.

30 active installs v1.0.0 PHP 5.6+ WP 4.5+ Updated Mar 10, 2021
cf7contact-form-7contact-form-7-dbcontact-form-dbsave-contact-form
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Contact Form 7 Database & Mobile App – CF7 DB & App Safe to Use in 2026?

Generally Safe

Score 85/100

Contact Form 7 Database & Mobile App – CF7 DB & App has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The "cf7-mobile-notification" v1.0.0 plugin presents a mixed security posture. On the positive side, the static analysis reveals no identified vulnerabilities from taint analysis, no known CVEs in its history, and a remarkably small attack surface with zero identified entry points that lack authentication checks. This suggests a cautious approach to external interaction. However, significant concerns arise from the code signals. The plugin utilizes a considerable number of SQL queries without employing prepared statements, which is a major risk for SQL injection vulnerabilities. Furthermore, only half of the output operations are properly escaped, leaving potential for cross-site scripting (XSS) attacks. The complete absence of nonce and capability checks on the limited entry points is also a notable weakness, as it may allow unauthorized actions if any entry points are inadvertently exposed. While the lack of historical vulnerabilities is encouraging, the current codebase exhibits practices that require immediate attention.

Key Concerns

  • SQL queries not using prepared statements
  • Insufficient output escaping
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

Contact Form 7 Database & Mobile App – CF7 DB & App Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Contact Form 7 Database & Mobile App – CF7 DB & App Code Analysis

Dangerous Functions
0
Raw SQL Queries
17
0 prepared
Unescaped Output
5
5 escaped
Nonce Checks
0
Capability Checks
0
File Operations
1
External Requests
1
Bundled Libraries
0

SQL Query Safety

0% prepared17 total queries

Output Escaping

50% escaped10 total outputs
Attack Surface

Contact Form 7 Database & Mobile App – CF7 DB & App Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 7
actionplugins_loadedincludes\Hooks\Hooks.php:42
actionwpcf7_before_send_mailincludes\Hooks\Hooks.php:43
actionadmin_initincludes\Hooks\Hooks.php:45
actionadmin_initincludes\Hooks\Hooks.php:46
actionadmin_menuincludes\Hooks\Hooks.php:47
actionsave_postincludes\Hooks\Hooks.php:49
actionrest_api_initincludes\Hooks\Hooks.php:52
Maintenance & Trust

Contact Form 7 Database & Mobile App – CF7 DB & App Maintenance & Trust

Maintenance Signals

WordPress version tested5.6.17
Last updatedMar 10, 2021
PHP min version5.6
Downloads2K

Community Trust

Rating100/100
Number of ratings3
Active installs30
Alternatives

Contact Form 7 Database & Mobile App – CF7 DB & App Alternatives

Advanced Contact form 7 DB

Advanced Contact form 7 DB

advanced-cf7-db

B
83

Save all contact form 7 form submitted data to the database, View, Ordering, Change field labels and Import/Export data using CSV.

70K 6 CVEs
Contact Form Dashboard

Contact Form Dashboard

contact-form-dashboard

A
85

CFD stores, organizes and presents all the submissions of the Contact Form 7 in a simplest way. It supports other interesting features like - Dashboard Analytics, Bulk emails / replies handling; Search, sort and export messages.

80 No CVEs
Database Addon for Contact Form 7 – CFDB7

Database Addon for Contact Form 7 – CFDB7

contact-form-cfdb7

A
90

Save and manage Contact Form 7 messages. Never lose important data. It is a lightweight contact form 7 database plugin.

600K 7 CVEs
Form Vibes – Database Manager for Forms

Form Vibes – Database Manager for Forms

form-vibes

A
92

Never miss a single lead! Save and manage all Contact Form 7 and Elementor form submissions easily. View, Export, Analyze and Filter submissions.

10K 4 CVEs
Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection)

Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection)

extensions-for-cf7

A
91

Easily save contact form data, apply conditional logic in the fields and redirect to any page after contact form submission.

6K 5 CVEs
Developer Profile

Contact Form 7 Database & Mobile App – CF7 DB & App Developer Profile

dacalleg

2 plugins · 30 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Contact Form 7 Database & Mobile App – CF7 DB & App

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

REST Endpoints
/wp-json/cf7_mobile_notification/v1/store-device-token/wp-json/cf7_mobile_notification/v1/remove-device-token/wp-json/cf7_mobile_notification/v1/get-forms/wp-json/cf7_mobile_notification/v1/get-form-data/wp-json/cf7_mobile_notification/v1/enable-notification/wp-json/cf7_mobile_notification/v1/disable-notification/wp-json/cf7_mobile_notification/v1/set-read-state/wp-json/cf7_mobile_notification/v1/set-contacted-state/wp-json/cf7_mobile_notification/v1/get-single-form/wp-json/cf7_mobile_notification/v1/get-single-record/wp-json/cf7_mobile_notification/v1/get-message-notifications/wp-json/cf7_mobile_notification/v1/remove-message-notifications
FAQ

Frequently Asked Questions about Contact Form 7 Database & Mobile App – CF7 DB & App