CF7 ReCaptcha Mine Security & Risk Analysis
wordpress.org/plugins/cf7-recaptcha-mineProtect your cf7 forms against spam and brute-force attacks. The plugin is invisible, compliant to GDPR and DSGVO.
Is CF7 ReCaptcha Mine Safe to Use in 2026?
Generally Safe
Score 85/100CF7 ReCaptcha Mine has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "cf7-recaptcha-mine" v2.0.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and shows no known critical or high severity vulnerabilities in its history. The absence of bundled libraries and external HTTP requests are also favorable indicators. However, significant concerns arise from the static analysis. The plugin exposes two AJAX handlers, both of which lack authentication checks, creating a notable attack surface. Furthermore, a taint analysis revealed a flow with unsanitized paths, though it was not classified as critical or high severity, it still indicates a potential for data manipulation or injection if an attacker can leverage it. The limited capability checks also contribute to the overall risk, as access control is not robustly implemented. While the plugin's vulnerability history is clean, the presence of unprotected entry points and a path-related taint flow warrant caution.
Key Concerns
- AJAX handlers without authentication
- Flow with unsanitized paths
- Limited capability checks
- Output escaping is not fully implemented
CF7 ReCaptcha Mine Security Vulnerabilities
CF7 ReCaptcha Mine Code Analysis
Output Escaping
Data Flow Analysis
CF7 ReCaptcha Mine Attack Surface
AJAX Handlers 2
WordPress Hooks 8
Maintenance & Trust
CF7 ReCaptcha Mine Maintenance & Trust
Maintenance Signals
Community Trust
CF7 ReCaptcha Mine Alternatives
CF7 Apps – Honeypot, Database, Redirection, Webhook, and Addons for Contact Form 7
contact-form-7-honeypot
Addons for Contact Form 7 — Honeypot, Database Entries, Redirection, Spam Protection, Webhooks, ACF integration for Contact Form 7, and more.
CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress
advanced-nocaptcha-recaptcha
Use CAPTCHA to stop spam and allow customers & users to interact with your website easily. Block fake accounts and orders. Avoid false positives.
Contact Form 7 Captcha
contact-form-7-simple-recaptcha
Protect your Contact Form 7 forms with Google reCAPTCHA V2, Google reCAPTCHA V3, hCAPTCHA, or Cloudflare Turnstile.
reCAPTCHA in WP comments form
recaptcha-in-wp-comments-form
reCAPTCHA in WP comments form is an ANTISPAM tool that adds a Google reCAPTCHA to the comments form and protects your site from the spam robots threat …
CF7 Invisible reCAPTCHA
cf7-invisible-recaptcha
CF7 Invisible reCAPTCHA plugin is an effective solution that secures your Contact form 7 forms on WordPress websites from spam entries while letting h …
CF7 ReCaptcha Mine Developer Profile
2 plugins · 4K total installs
How We Detect CF7 ReCaptcha Mine
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/cf7-recaptcha-mine/assets/js/script.jscf7-recaptcha-mine/assets/js/script.js?ver=HTML / DOM Fingerprints
rcm-loadingcountdownclass="hashStamp"class="hashNonce"name="hashStamp"name="hashDifficulty"name="hashNonce"stampLoadedinitCaptchaaddStampfindHash/wp-json/cf7-recaptcha-mine/v1/options<input type="hidden" name="action" value="check_nonce"><input type="hidden" class="hashStamp" name="hashStamp" id="hashStamp" value="" /><input type="hidden" name="hashDifficulty" id="hashDifficulty" value="