Contact Form 7 Responses Security & Risk Analysis

wordpress.org/plugins/cf7-responses

Store Contact Form 7 responses into your WordPress.

40 active installs v1.0.5 PHP 5.6+ WP 3.8+ Updated Apr 17, 2019
Tags: bird, contact, contact-form, crm, mail
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Contact Form 7 Responses Safe to Use in 2026?

Generally Safe

Score 85/100

Contact Form 7 Responses has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The cf7-responses plugin v1.0.5 exhibits a generally good security posture due to its limited attack surface and the absence of known vulnerabilities. The plugin correctly utilizes prepared statements for its single SQL query, which is a strong indicator of good database security practices. Furthermore, the presence of a nonce check on its sole AJAX handler suggests an attempt to mitigate cross-site request forgery (CSRF) attacks.

Key Concerns

  • Significant portion of outputs not properly escaped
  • Unsanitized paths found in taint analysis
  • No capability checks on AJAX handler
  • File operations present without explicit checks
  • External HTTP requests present without explicit checks
Vulnerabilities
None known

Contact Form 7 Responses Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Contact Form 7 Responses Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 39 (23 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 2
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared, 1 total queries

Output Escaping

37% escaped, 62 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows, 2 with unsanitized paths
cf7r_pick_settings_page_responses (includes\functions-settings.php:128)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Contact Form 7 Responses Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

auth wp_ajax_cf7r_process_download_csv (includes\functions.php:137)

WordPress Hooks: 25

action admin_enqueue_scripts (cf7-responses.php:55)
action admin_menu (includes\classes\class-pick-settings.php:23)
action admin_notices (includes\classes\class-pick-settings.php:26)
action wp_dashboard_setup (includes\classes\class-pick-settings.php:27)
action admin_init (includes\classes\class-pick-settings.php:29)
filter whitelist_options (includes\classes\class-pick-settings.php:30)
action admin_enqueue_scripts (includes\classes\class-pick-settings.php:31)
action admin_menu (includes\classes\class-post-meta.php:13)
action add_meta_boxes (includes\classes\class-post-meta.php:14)
action init (includes\classes\class-post-types.php:12)
filter parent_file (includes\classes\class-post-types.php:14)
filter submenu_file (includes\classes\class-post-types.php:15)
action plugins_loaded (includes\functions-settings.php:88)
action pick_settings_cf7r_export_button (includes\functions-settings.php:102)
action pick_settings_after_page_export (includes\functions-settings.php:111)
action pick_settings_before_page_export (includes\functions-settings.php:123)
action pick_settings_page_responses (includes\functions-settings.php:141)
filter set-screen-option (includes\functions-settings.php:158)
action pick_settings_submenu_added_cf7-responses (includes\functions-settings.php:198)
action admin_notices (includes\functions.php:35)
action admin_init (includes\functions.php:69)
action wpcf7_submit (includes\functions.php:178)
filter wpcf7_form_hidden_fields (includes\functions.php:203)
action admin_notices (includes\functions.php:221)
filter plugin_row_meta (includes\functions.php:239)
Maintenance & Trust

Contact Form 7 Responses Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.1.22
Last updated: Apr 17, 2019
PHP min version: 5.6
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 40
Developer Profile

Contact Form 7 Responses Developer Profile

ThemeRox

1 plugin · 40 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Contact Form 7 Responses

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cf7-responses/assets/admin/css/style.css
/wp-content/plugins/cf7-responses/assets/fonts/icofont.min.css
/wp-content/plugins/cf7-responses/assets/tool-tip.min.css
/wp-content/plugins/cf7-responses/assets/admin/js/scripts.js
Script Paths
/wp-content/plugins/cf7-responses/assets/admin/js/scripts.js
Version Parameters
cf7-responses/assets/admin/css/style.css?ver=
cf7-responses/assets/fonts/icofont.min.css?ver=
cf7-responses/assets/tool-tip.min.css?ver=
cf7-responses/assets/admin/js/scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
media_preview
dashicons
dashicons-format-audio
Data Attributes
id='media_preview_
id='media_input_
id='media_upload_
JS Globals
cf7rwp