CF7 Required custom field Security & Risk Analysis
wordpress.org/plugins/cf7-required-custom-fieldCF7 Required custom field - a plugin in which you customized your message for the required field for CF7.
Is CF7 Required custom field Safe to Use in 2026?
Generally Safe
Score 85/100CF7 Required custom field has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "cf7-required-custom-field" v1.1 plugin exhibits a strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points significantly limits the potential attack surface. Furthermore, the code signals indicate responsible development practices, with 100% of SQL queries utilizing prepared statements and a single capability check present. The lack of dangerous functions, file operations, external HTTP requests, and taint flows with unsanitized paths are all positive indicators. The plugin also has a clean vulnerability history with no known CVEs, suggesting a well-maintained and secure codebase over time.
However, a notable concern lies in the output escaping. With 8 total outputs and only 25% properly escaped, there is a significant risk of Cross-Site Scripting (XSS) vulnerabilities. Any data that is displayed to users without proper sanitization or encoding could be exploited to inject malicious scripts. While the plugin's attack surface is minimal, this output escaping weakness presents a clear and actionable security concern that should be addressed to prevent potential exploitation.
Key Concerns
- Insufficient output escaping
CF7 Required custom field Security Vulnerabilities
CF7 Required custom field Code Analysis
Output Escaping
CF7 Required custom field Attack Surface
WordPress Hooks 13
Maintenance & Trust
CF7 Required custom field Maintenance & Trust
Maintenance Signals
Community Trust
CF7 Required custom field Alternatives
CF7 WOW Styler – Visual Styler for Contact Form 7 Forms
cf7-styler
Save time by styling Contact Form 7 once and applying the same design to multiple forms – CF7 WOW Styler keeps them on brand with visual controls and …
ActiveTrail – Contact Form 7
activetrail-contact-form-7
The official ActiveTrail Email Marketing Integration for Contact Form 7
CF7 Mailgun Domain Validation
cf7-mailgun-domain-validation
Allows email addresses using your site’s Mailgun domain to pass Contact Form 7’s form validation feature.
Contact Form 7 to Post
contact-form-7-to-post
Save contact form 7 submissions as new posts
Database Addon for Contact Form 7 – CFDB7
contact-form-cfdb7
Save and manage Contact Form 7 messages. Never lose important data. It is a lightweight contact form 7 database plugin.
CF7 Required custom field Developer Profile
1 plugin · 100 total installs
How We Detect CF7 Required custom field
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/cf7-required-custom-field/App/ECRMT_SetupWizard.php/wp-content/plugins/cf7-required-custom-field/App/ECRMT_ValidateInputHooks.phpHTML / DOM Fingerprints
Copyright 2018 Alex Shevchenko (email: alexdoc1985@gmail.com)This program is free software; you can redistribute it and/or modifyit under the terms of the GNU General Public License as published bythe Free Software Foundation; either version 2 of the License, or+8 morename="ecrmt_error_messageid="