WP-Safety

Contact Form 7 Polylang Module Security & Risk Analysis

wordpress.org/plugins/cf7-polylang

This plugin allows multilingual contact form 7 management using the polylang plugin.

5K active installs v2.4.1 PHP 5.6+ WP 4.7+ Updated Dec 13, 2023
contact-form-7contact-form-7-extensioncontact-form-7-modulemultisitepolylang
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Contact Form 7 Polylang Module Safe to Use in 2026?

Generally Safe

Score 85/100

Contact Form 7 Polylang Module has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The 'cf7-polylang' plugin, version 2.4.1, exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface. Furthermore, the use of prepared statements for all SQL queries and the lack of known vulnerabilities are positive indicators. However, the low percentage of properly escaped output (14%) presents a notable concern. This suggests a potential for Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is rendered directly in the browser without adequate sanitization. While no specific taint flows or dangerous functions were identified, the unescaped output is a tangible risk that requires attention.

Key Concerns

  • Low output escaping percentage
Vulnerabilities
None known

Contact Form 7 Polylang Module Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Contact Form 7 Polylang Module Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
6
1 escaped
Nonce Checks
0
Capability Checks
0
File Operations
3
External Requests
0
Bundled Libraries
0

Output Escaping

14% escaped7 total outputs
Attack Surface

Contact Form 7 Polylang Module Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 19
actionplugins_loadedincludes\class-cf7-polylang.php:145
actionadmin_enqueue_scriptsincludes\class-cf7-polylang.php:160
actionadmin_enqueue_scriptsincludes\class-cf7-polylang.php:161
actionpll_get_post_typesincludes\class-cf7-polylang.php:165
actioncreated_termincludes\class-cf7-polylang.php:168
filterpll_copy_post_metasincludes\class-cf7-polylang.php:170
actionplugins_loadedincludes\class-cf7-polylang.php:173
actionadmin_noticesincludes\class-cf7-polylang.php:175
actionadmin_print_footer_scripts-edit.phpincludes\class-cf7-polylang.php:177
actionadmin_initincludes\class-cf7-polylang.php:179
actionadmin_initincludes\class-cf7-polylang.php:182
actionadmin_noticesincludes\class-cf7-polylang.php:184
filterwpcf7_special_mail_tagsincludes\class-cf7-polylang.php:186
filterwpcf7_special_mail_tagsincludes\class-cf7-polylang.php:188
filtercf7sg_new_cf7_form_template_argumentsincludes\class-cf7-polylang.php:190
actionsave_post_wpcf7_contact_formincludes\class-cf7-polylang.php:192
filtercf7pll_load_plugin_translation_resourceincludes\class-cf7-polylang.php:193
filtercf7_form_shortcode_form_idincludes\class-cf7-polylang.php:211
filterwpcf7_form_hidden_fieldsincludes\class-cf7-polylang.php:214
Maintenance & Trust

Contact Form 7 Polylang Module Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8
Last updatedDec 13, 2023
PHP min version5.6
Downloads101K

Community Trust

Rating80/100
Number of ratings11
Active installs5K
Alternatives

Contact Form 7 Polylang Module Alternatives

Smart Grid-Layout Design for Contact Form 7

Smart Grid-Layout Design for Contact Form 7

cf7-grid-layout

A
92

This plugins allow pure CSS responsive grid layouts for contact form 7. It enables rich interlinking of your CMS data via taxonomy/posts populated dr …

10K No CVEs
Post My CF7 Form

Post My CF7 Form

post-my-contact-form-7

A
92

This plugin enables the mapping of your CF7 forms to custom posts, including featured images, files, meta-fields and taxonomies

2K No CVEs
Contact Form 7 extension for Google Map fields

Contact Form 7 extension for Google Map fields

cf7-google-map

B
84

This plugin enables the insertion of google maps into contact form 7 as an input field.

600 1 CVE
Multilingual Contact Form 7 with Polylang

Multilingual Contact Form 7 with Polylang

multilingual-contact-form-7-with-polylang

A
100

Enables string translation and use of the same forms in different languages of Contact Form 7 forms with Polylang

9K No CVEs
OTP by Email for Contact Form 7

OTP by Email for Contact Form 7

otp-by-email

A
85

A small Contact Form 7 extension plugin to enable email confirmation by unique links sent to the email inbox.

80 No CVEs
Developer Profile

Contact Form 7 Polylang Module Developer Profile

Aurovrata Venet

6 plugins · 25K total installs

70
trust score
Avg Security Score
87/100
Avg Patch Time
265 days
View full developer profile
Detection Fingerprints

How We Detect Contact Form 7 Polylang Module

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cf7-polylang/assets/css/backend.css/wp-content/plugins/cf7-polylang/assets/css/frontend.css/wp-content/plugins/cf7-polylang/assets/js/backend.js/wp-content/plugins/cf7-polylang/assets/js/frontend.js
Script Paths
/wp-content/plugins/cf7-polylang/assets/js/backend.js/wp-content/plugins/cf7-polylang/assets/js/frontend.js
Version Parameters
cf7-polylang/assets/css/backend.css?ver=cf7-polylang/assets/css/frontend.css?ver=cf7-polylang/assets/js/backend.js?ver=cf7-polylang/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
cf7-polylang-frontend
Data Attributes
data-cf7-polylang
JS Globals
cf7_polylang_settings
FAQ

Frequently Asked Questions about Contact Form 7 Polylang Module