Does CF7 Notie have any unpatched vulnerabilities?

No. All known vulnerabilities in CF7 Notie have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is CF7 Notie compatible with WordPress 4.3.34?

According to WordPress.org data, CF7 Notie 1.0 has been tested up to WordPress 4.3.34. Check the plugin's changelog for the latest compatibility information.

How often is CF7 Notie updated?

CF7 Notie was last updated on Jan 2, 2016. Frequent updates are generally a positive security signal.

What is CF7 Notie's security score?

CF7 Notie has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

CF7 Notie Security & Risk Analysis

wordpress.org/plugins/cf7-notie

Display Contact Form 7 response messages as an alternative the standard alert dialog.

60 active installs v1.0 PHP + WP 3.1.0+ Updated Jan 2, 2016

contact-formcontact-form-7contact-form-7-addonnotiewpcf7

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is CF7 Notie Safe to Use in 2026?

Generally Safe

Score 85/100

CF7 Notie has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The "cf7-notie" plugin v1.0 presents a mixed security profile. From a static analysis perspective, the absence of direct entry points like AJAX handlers, REST API routes, and shortcodes, coupled with the lack of file operations and external HTTP requests, suggests a limited attack surface. The fact that all identified SQL queries utilize prepared statements is a strong positive security indicator, mitigating risks of SQL injection. However, the low percentage of properly escaped output (29%) is a significant concern, as it opens the door to potential Cross-Site Scripting (XSS) vulnerabilities. The taint analysis showing zero flows with unsanitized paths is reassuring for this specific aspect. The plugin's vulnerability history is clean, with no recorded CVEs, which is excellent. This suggests either a lack of past vulnerabilities or a proactive approach to security by the developers. Overall, while the plugin benefits from a small attack surface and secure database practices, the unaddressed output escaping issues require attention to prevent potential XSS attacks.

Key Concerns

Low output escaping coverage

Vulnerabilities

None known

CF7 Notie Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

CF7 Notie Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

29% escaped7 total outputs

Attack Surface

CF7 Notie Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 8

actionplugins_loadedincludes\class-cf7_notie.php:140

actionadmin_enqueue_scriptsincludes\class-cf7_notie.php:155

actionadmin_enqueue_scriptsincludes\class-cf7_notie.php:156

actionadmin_menuincludes\class-cf7_notie.php:157

actionadmin_initincludes\class-cf7_notie.php:158

actionwp_enqueue_scriptsincludes\class-cf7_notie.php:173

actionwp_enqueue_scriptsincludes\class-cf7_notie.php:174

actionwp_footerincludes\class-cf7_notie.php:175

Maintenance & Trust

CF7 Notie Maintenance & Trust

Maintenance Signals

WordPress version tested4.3.34

Last updatedJan 2, 2016

PHP min version

Downloads3K

Community Trust

Rating100/100

Number of ratings3

Active installs60

Alternatives

CF7 Notie Alternatives

Database Addon for Contact Form 7 – CFDB7

contact-form-cfdb7

Save and manage Contact Form 7 messages. Never lose important data. It is a lightweight contact form 7 database plugin.

600K 7 CVEs

$DS CF7 Math Captcha$

DS CF7 Math Captcha

ds-cf7-math-captcha

"DS CF7 Math Captcha" is a math captcha with refresh captcha functionality to prevent unwanted spam for your contact form 7 plugin.

30K 1 CVE

Bootstrap for Contact Form 7

bootstrap-for-contact-form-7

This plugin modifies the output of the popular Contact Form 7 plugin to be styled in compliance with themes using the Bootstrap CSS framework.

10K No CVEs

Contact Form 7: Accessible Defaults

contact-form-7-accessible-defaults

100

Replaces the default Contact Form 7 form with an accessible equivalent and provides a suite of selectable base forms.

5K No CVEs

Date Picker For Contact Form 7

date-picker-for-contact-form-7

100

Easily add a customizable Date Picker to Contact Form 7. Restrict dates, disable specific days, and improve your booking forms.

4K No CVEs

Developer Profile

CF7 Notie Developer Profile

fabbricaweb

2 plugins · 1K total installs

trust score

Avg Security Score

89/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect CF7 Notie

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cf7-notie/css/cf7_notie-admin.css/wp-content/plugins/cf7-notie/js/cf7_notie-admin.js

Script Paths

/wp-content/plugins/cf7-notie/js/cf7_notie-admin.js

Version Parameters

cf7_notie-admin.css?ver=cf7_notie-admin.js?ver=

HTML / DOM Fingerprints

FAQ