WP-Safety

Contact Form 7 Save to Database (Add-on for CF7) Security & Risk Analysis

wordpress.org/plugins/cf7-save-to-database

Contact Form 7 Save to Database helps you add multi-step for your form. This is the best solution to keep the form as simple as possible to your visit …

0 active installs v1.0 PHP 5.0+ WP 3.0+ Updated Mar 24, 2019
cf-7-dataabsecf7contact-form-7contact-form-7-databasedatabase
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Contact Form 7 Save to Database (Add-on for CF7) Safe to Use in 2026?

Generally Safe

Score 85/100

Contact Form 7 Save to Database (Add-on for CF7) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago
Risk Assessment

The "cf7-save-to-database" v1.0 plugin exhibits significant security concerns due to a large attack surface with unprotected entry points. All six AJAX handlers lack authentication checks, presenting a clear risk of unauthorized access and manipulation. The presence of the `unserialize` function is also a red flag, especially when combined with two high-severity taint flows, suggesting a potential for code execution if user-supplied data is not properly sanitized before being unserialized. While the plugin utilizes prepared statements for most SQL queries and has no recorded vulnerability history, these strengths are overshadowed by the immediate and critical risks identified in the static analysis.

Key Concerns

  • Multiple AJAX handlers without authentication
  • Use of 'unserialize' function
  • High severity taint flows
  • Lack of nonce checks on AJAX
  • Poor output escaping
  • File operations without clear sanitization context
Vulnerabilities
None known

Contact Form 7 Save to Database (Add-on for CF7) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Contact Form 7 Save to Database (Add-on for CF7) Code Analysis

Dangerous Functions
3
Raw SQL Queries
1
7 prepared
Unescaped Output
35
4 escaped
Nonce Checks
0
Capability Checks
0
File Operations
2
External Requests
0
Bundled Libraries
1

Dangerous Functions Found

unserialize$data = @unserialize($query->cf7_value);inc\functions.php:41
unserialize$value = @unserialize($v->cf7_value);inc\functions.php:121
unserialize$cf7_value = @unserialize($rs->cf7_value);tpl\ad-table.php:59

Bundled Libraries

DataTables

SQL Query Safety

88% prepared8 total queries

Output Escaping

10% escaped39 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths
cf7wpdb_set_label (inc\ajax.php:33)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
6 unprotected

Contact Form 7 Save to Database (Add-on for CF7) Attack Surface

Entry Points6
Unprotected6

AJAX Handlers 6

noprivwp_ajax_cf7wpdb_set_labelinc\ajax.php:22
authwp_ajax_cf7wpdb_set_labelinc\ajax.php:23
noprivwp_ajax_cf7wpdb_exportinc\ajax.php:25
authwp_ajax_cf7wpdb_exportinc\ajax.php:26
noprivwp_ajax_cf7wpdb_actioninc\ajax.php:28
authwp_ajax_cf7wpdb_actioninc\ajax.php:29
WordPress Hooks 6
actionadmin_noticescf7-save-to-database.php:41
actionplugins_loadedcf7-save-to-database.php:105
actionadmin_menuinc\admin.php:6
actionadmin_enqueue_scriptsinc\admin.php:7
actioncf7wpdb_after_bulkaction_btninc\admin.php:8
actionwpcf7_mail_sentinc\frontend.php:6
Maintenance & Trust

Contact Form 7 Save to Database (Add-on for CF7) Maintenance & Trust

Maintenance Signals

WordPress version tested5.1.22
Last updatedMar 24, 2019
PHP min version5.0
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Contact Form 7 Save to Database (Add-on for CF7) Alternatives

EP Exporter for Contact Form 7 (CF7)

EP Exporter for Contact Form 7 (CF7)

ep-exporter-for-cf7

A
100

Smart and lightweight Contact Form 7 data exporter. Export your CF7 or CFDB7 submissions to CSV with advanced filtering options.

200 No CVEs
PeproDev CF7 Database

PeproDev CF7 Database

pepro-cf7-database

C
67

Reliable Solution to Save CF7 Submissions and Files, Works with CF7 v.5.9+

100 1 unpatched
WP Contact Form 7 DB Handler

WP Contact Form 7 DB Handler

wp-contact-form-7-db-handler

A
100

Store all your contact form 7 submission and easily access it. you can also filter and export it!

100 No CVEs
Database Entries Manager for Contact Form 7

Database Entries Manager for Contact Form 7

database-entries-manager-for-contact-form-7

A
85

Store all your Contact Form 7 entries and manage their status in your Wordpress Dashboard. Keep track of all the support or contact requests from your …

0 No CVEs
Database Addon for Contact Form 7 – CFDB7

Database Addon for Contact Form 7 – CFDB7

contact-form-cfdb7

A
90

Save and manage Contact Form 7 messages. Never lose important data. It is a lightweight contact form 7 database plugin.

600K 7 CVEs
Developer Profile

Contact Form 7 Save to Database (Add-on for CF7) Developer Profile

azmarket

4 plugins · 140 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Contact Form 7 Save to Database (Add-on for CF7)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cf7-save-to-database/inc/pagination.class.php/wp-content/plugins/cf7-save-to-database/inc/admin.php/wp-content/plugins/cf7-save-to-database/inc/frontend.php/wp-content/plugins/cf7-save-to-database/inc/ajax.php/wp-content/plugins/cf7-save-to-database/tpl/ad-table.php/wp-content/plugins/cf7-save-to-database/inc/functions.php
Version Parameters
cf7-save-to-database/style.css?ver=cf7-save-to-database/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
cf7wpdb-group-actioncf7wpdb_export
Data Attributes
data-fid
JS Globals
BH_CF7_DBPRO
FAQ

Frequently Asked Questions about Contact Form 7 Save to Database (Add-on for CF7)