CF7NXT Lite – Contact Form 7 Save Into Database Plugin By Witoni Software Security & Risk Analysis

wordpress.org/plugins/cf7-save-into-database

THE MOST ADVANCED CONTACT FORM 7 SAVE TO DATABASE PLUGIN USED FOR SAVING CF7 ENQUIRES OR DATA INTO WORDPRESS DASHBOARD SYSTEM FOR FURTHER PROCESSES.

0 active installs · v1.0 · PHP + · WP 4.8+ · Updated Dec 4, 2018
cf7-savecontact-form-7-save-database
Score 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is CF7NXT Lite – Contact Form 7 Save Into Database Plugin By Witoni Software Safe to Use in 2026?

Generally Safe

Score 85/100

CF7NXT Lite – Contact Form 7 Save Into Database Plugin By Witoni Software has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The "cf7-save-into-database" v1.0 plugin exhibits several concerning security practices, significantly outweighing its strengths. A primary concern is the presence of an AJAX handler without any authentication checks, creating a direct entry point for potential attackers. Furthermore, the plugin's reliance on raw SQL queries with zero use of prepared statements is a major red flag, leaving it highly susceptible to SQL injection vulnerabilities. The high number of unsanitized taint flows, although not classified as critical or high severity in this analysis, still indicates potential pathways for malicious data to be processed without proper validation. The limited output escaping (29%) also suggests potential for cross-site scripting (XSS) vulnerabilities.

While the plugin has no recorded vulnerability history (CVEs), this should not be interpreted as a guarantee of security. The static analysis results reveal fundamental weaknesses in how the plugin handles user input and interacts with the database. The presence of dangerous functions like `unserialize` further exacerbates the risk, especially when combined with unsanitized input. The lack of capability checks on entry points is also a significant oversight. In conclusion, the plugin's current security posture is poor due to these critical vulnerabilities, and it should be treated with extreme caution until these issues are addressed.

Key Concerns

  • AJAX handler without auth checks
  • SQL queries with 0% prepared statements
  • Low output escaping percentage
  • Dangerous function: unserialize
  • 3 unsanitized taint flows
  • No capability checks
  • Only 1 nonce check for 2 entry points
Vulnerabilities
None known

CF7NXT Lite – Contact Form 7 Save Into Database Plugin By Witoni Software Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

CF7NXT Lite – Contact Form 7 Save Into Database Plugin By Witoni Software Code Analysis

Dangerous Functions: 6
Raw SQL Queries: 12 (0 prepared)
Unescaped Output: 24 (10 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 3
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: `$first_row = isset($results[0]) ? unserialize( $results[0]->form_value ): 0 ;` (admin\partials\cf7nxt-panel.php:97)
  • unserialize: `$form_value = unserialize( $result->form_value );` (admin\partials\cf7nxt-panel.php:201)
  • unserialize: `$result_values = unserialize($result_value);` (admin\partials\cf7nxt-panel.php:272)
  • unserialize: `$result_values = unserialize( $result_value );` (admin\partials\cf7nxt-panel.php:300)
  • unserialize: `$result_values = unserialize( $result_value );` (admin\partials\cf7nxt-panel.php:316)
  • unserialize: `$form_values = unserialize( $form_value );` (public\class-cf7nxt-public.php:150)

SQL Query Safety

0% prepared · 12 total queries

Output Escaping

29% escaped · 34 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

4 flows · 3 with unsanitized paths
sttarted_enquiry (admin\class-cf7nxt-admin.php:622)
Attack Surface
1 unprotected

CF7NXT Lite – Contact Form 7 Save Into Database Plugin By Witoni Software Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers: 1

auth: wp_ajax_starred_enquiry (includes\class-cf7nxt.php:175)

Shortcodes: 1

[hey] (includes\class-cf7nxt.php:201)
WordPress Hooks 25
  • action: plugins_loaded (includes\class-cf7nxt.php:142)
  • action: admin_enqueue_scripts (includes\class-cf7nxt.php:157)
  • action: admin_enqueue_scripts (includes\class-cf7nxt.php:158)
  • action: init (includes\class-cf7nxt.php:160)
  • action: init (includes\class-cf7nxt.php:161)
  • filter: manage_cf7nxt_panel_posts_columns (includes\class-cf7nxt.php:162)
  • filter: post_row_actions (includes\class-cf7nxt.php:163)
  • filter: page_row_actions (includes\class-cf7nxt.php:164)
  • action: admin_menu (includes\class-cf7nxt.php:165)
  • action: admin_head (includes\class-cf7nxt.php:166)
  • filter: manage_cf7nxt_panel_posts_columns (includes\class-cf7nxt.php:167)
  • action: manage_cf7nxt_panel_posts_custom_column (includes\class-cf7nxt.php:168)
  • filter: manage_edit-cf7nxt_panel_sortable_columns (includes\class-cf7nxt.php:169)
  • action: add_meta_boxes (includes\class-cf7nxt.php:170)
  • action: restrict_manage_posts (includes\class-cf7nxt.php:171)
  • action: init (includes\class-cf7nxt.php:172)
  • action: admin_print_scripts-post.php (includes\class-cf7nxt.php:173)
  • action: restrict_manage_posts (includes\class-cf7nxt.php:176)
  • action: cf7nxt_forms_edit_form_fields (includes\class-cf7nxt.php:177)
  • action: edited_cf7nxt_forms (includes\class-cf7nxt.php:178)
  • filter: wpcf7_editor_panels (includes\class-cf7nxt.php:179)
  • filter: wpcf7_after_save (includes\class-cf7nxt.php:180)
  • action: wp_enqueue_scripts (includes\class-cf7nxt.php:196)
  • action: wp_enqueue_scripts (includes\class-cf7nxt.php:197)
  • action: wpcf7_before_send_mail (includes\class-cf7nxt.php:199)
Maintenance & Trust

CF7NXT Lite – Contact Form 7 Save Into Database Plugin By Witoni Software Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Dec 4, 2018
PHP min version
Downloads: 1K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 0
Alternatives

CF7NXT Lite – Contact Form 7 Save Into Database Plugin By Witoni Software Alternatives

No alternatives data available yet.

Developer Profile

CF7NXT Lite – Contact Form 7 Save Into Database Plugin By Witoni Software Developer Profile

Rakessh

3 plugins · 20 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect CF7NXT Lite – Contact Form 7 Save Into Database Plugin By Witoni Software

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cf7-save-into-database/admin/css/plugin-name-admin.css
/wp-content/plugins/cf7-save-into-database/admin/js/plugin-name-admin.js
Script Paths
/wp-content/plugins/cf7-save-into-database/admin/js/plugin-name-admin.js
Version Parameters
/wp-content/plugins/cf7-save-into-database/admin/css/plugin-name-admin.css?ver=
/wp-content/plugins/cf7-save-into-database/admin/js/plugin-name-admin.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- Enter Contact Form 7 Form ID -->
<!-- Enter Contact Form 7 Form Subject -->
Data Attributes
name="term_meta[cf7nxt_form_id]"
id="term_meta[cf7nxt_form_id]"
name="term_meta[cf7nxt_form_subject]"
id="term_meta[cf7nxt_form_subject]"