WP-Safety

Popups – Submission Messages For Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/cf7-popups

Display contact form 7 default messages in stylish popup as user submits the form.

3K active installs v1.2.1 PHP 7.4+ WP 5.6+ Updated Sep 18, 2025
cf7contact-formcontact-form-7contact-form-7-addonpopup-messages
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Popups – Submission Messages For Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 100/100

Popups – Submission Messages For Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago
Risk Assessment

The cf7-popups plugin v1.2.1 exhibits a generally good security posture based on the provided static analysis. It has a very small attack surface, with only one AJAX handler and no exposed REST API routes or shortcodes. The absence of dangerous functions and file operations is also a positive sign. Furthermore, all SQL queries are properly prepared, indicating protection against SQL injection. The presence of nonce checks further strengthens its defense against common web vulnerabilities.

Key Concerns

  • 100% of outputs are not properly escaped
  • 0% of outputs are properly escaped
  • No capability checks on entry points
Vulnerabilities
None known

Popups – Submission Messages For Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Popups – Submission Messages For Contact Form 7 Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
0 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped1 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
cf7_popups_ajax_notice_handler (cf7-popups-class.php:134)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Popups – Submission Messages For Contact Form 7 Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_cf7_popups_ajax_notice_handlercf7-popups-class.php:53
WordPress Hooks 5
actioninitcf7-popups-class.php:47
actionwp_enqueue_scriptscf7-popups-class.php:48
actionwp_enqueue_scriptscf7-popups-class.php:49
actionadmin_enqueue_scriptscf7-popups-class.php:50
actionadmin_noticescf7-popups-class.php:52
Maintenance & Trust

Popups – Submission Messages For Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedSep 18, 2025
PHP min version7.4
Downloads43K

Community Trust

Rating94/100
Number of ratings6
Active installs3K
Alternatives

Popups – Submission Messages For Contact Form 7 Alternatives

CleverReach Integration for Contact Form 7

CleverReach Integration for Contact Form 7

cf7-cleverreach-integration

A
85

Connect your Contact Form 7 forms with your CleverReach account.

700 No CVEs
CF7 Notie

CF7 Notie

cf7-notie

A
85

Display Contact Form 7 response messages as an alternative the standard alert dialog.

60 No CVEs
WeClapp Integration for Contact Form 7

WeClapp Integration for Contact Form 7

cf7-weclapp-integration

A
85

Send user form input to WeClapp to add new contacts/leads/customers recipients.

10 No CVEs
Enhanced Addon for Contact Form 7

Enhanced Addon for Contact Form 7

enhanced-addon-for-contact-form-7

A
92

Unlock the Full Potential of Contact Form 7 Elevate your Contact Form 7 experience with live form previews and easy styling.

0 No CVEs
Database Addon for Contact Form 7 – CFDB7

Database Addon for Contact Form 7 – CFDB7

contact-form-cfdb7

A
90

Save and manage Contact Form 7 messages. Never lose important data. It is a lightweight contact form 7 database plugin.

600K 7 CVEs
Developer Profile

Popups – Submission Messages For Contact Form 7 Developer Profile

codeworkweb

12 plugins · 7K total installs

94
trust score
Avg Security Score
92/100
Avg Patch Time
3 days
View full developer profile
Detection Fingerprints

How We Detect Popups – Submission Messages For Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cf7-popups/views/assets/css/sweetalert2.min.css/wp-content/plugins/cf7-popups/views/assets/css/frontend.css/wp-content/plugins/cf7-popups/views/assets/js/sweetalert2.min.js/wp-content/plugins/cf7-popups/views/assets/js/cf7-popups.js/wp-content/plugins/cf7-popups/views/assets/js/cf7-admin.js
Script Paths
/wp-content/plugins/cf7-popups/views/assets/js/sweetalert2.min.js/wp-content/plugins/cf7-popups/views/assets/js/cf7-popups.js/wp-content/plugins/cf7-popups/views/assets/js/cf7-admin.js
Version Parameters
cf7-popups/views/assets/css/sweetalert2.min.css?ver=cf7-popups/views/assets/css/frontend.css?ver=cf7-popups/views/assets/js/sweetalert2.min.js?ver=cf7-popups/views/assets/js/cf7-popups.js?ver=cf7-popups/views/assets/js/cf7-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
notice-upgrade-cf7pp
JS Globals
cf7_popups_valcf7_popups_admin
FAQ

Frequently Asked Questions about Popups – Submission Messages For Contact Form 7