WP-Safety

SMS Extension for Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/cf7-sms-extension

Receive text message notifications when a form is submitted.

400 active installs v1.3.6.1 PHP 8.0+ WP 6.2+ Updated Oct 25, 2025
contact-form-7nexmosmstwiliowhatsapp
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is SMS Extension for Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 100/100

SMS Extension for Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago
Risk Assessment

The "cf7-sms-extension" v1.3.6.1 plugin exhibits a generally good security posture based on the provided static analysis and vulnerability history. The absence of known CVEs and the use of prepared statements for all SQL queries are positive indicators. However, the analysis reveals significant areas for concern. Notably, the plugin performs external HTTP requests, which can be a vector for various attacks if not handled with extreme care and proper validation. The low percentage of properly escaped output (51%) is a substantial risk, suggesting that user-supplied data, if processed in these unescaped contexts, could lead to cross-site scripting (XSS) vulnerabilities. Furthermore, the complete lack of nonce checks and capability checks on any entry points is a critical oversight, leaving the plugin vulnerable to cross-site request forgery (CSRF) and privilege escalation attacks, especially if any new entry points are introduced or if the current, albeit zero, attack surface were to be exploited through other means.

Key Concerns

  • Low percentage of properly escaped output
  • Missing nonce checks
  • Missing capability checks
  • Bundled Freemius v1.0 library
Vulnerabilities
None known

SMS Extension for Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

SMS Extension for Contact Form 7 Release Timeline

v1.3.6.1Current
v1.3.6
v1.3.5
v1.3.4
v1.3.3.4
v1.3.3.3
v1.3.3.2
v1.3.3.1
v1.3.3
v1.3.2.1
v1.3.2
v1.3.1.1
v1.3.1
v1.3.0
v1.2.2.2
v1.2.2.1
v1.2.2
v1.2.1
v1.2.0
v1.1.0
Code Analysis
Analyzed Mar 16, 2026

SMS Extension for Contact Form 7 Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
24
25 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
7
Bundled Libraries
2

Bundled Libraries

DataTablesFreemius1.0

SQL Query Safety

100% prepared2 total queries

Output Escaping

51% escaped49 total outputs
Attack Surface

SMS Extension for Contact Form 7 Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 10
actionafter_uninstallcf7-sms-extension.php:72
actionadmin_noticescf7-sms-extension.php:85
actioninitcf7-sms-extension.php:148
actionwpcf7_save_contact_formcore\CF7SmsExtension.php:67
actionwpcf7_before_send_mailcore\CF7SmsExtension.php:68
actionadmin_enqueue_scriptscore\CF7SmsExtension.php:75
filterwpcf7_editor_panelscore\CF7SmsExtension.php:83
filterwpcf7_ajax_json_echocore\CF7SmsExtension.php:89
filterhttps_ssl_verifycore\CF7SmsExtension.php:578
filterkmcf7se_requires_filtercore\requires.php:8
Maintenance & Trust

SMS Extension for Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedOct 25, 2025
PHP min version8.0
Downloads17K

Community Trust

Rating100/100
Number of ratings6
Active installs400
Alternatives

SMS Extension for Contact Form 7 Alternatives

Texty – SMS Notification for WordPress, WooCommerce, Dokan and more

Texty – SMS Notification for WordPress, WooCommerce, Dokan and more

texty

A
100

Texty is a lightweight SMS notification plugin for WordPress.

9K 1 CVE
SocialNotify: Notifications for Contact Form 7

SocialNotify: Notifications for Contact Form 7

eca-socialnotify-cf7

A
100

WhatsApp Notification for Contact Form 7 – Send WhatsApp messages using Twilio API when a form is submitted.

10 No CVEs
NotifSMS – SMS Notifications OTP & 2FA for WordPress & WooCommerce

NotifSMS – SMS Notifications OTP & 2FA for WordPress & WooCommerce

wp-twilio-core

A
100

Send SMS, OTP & 2FA notifications from WordPress via Twilio. Includes automated alerts, bulk messaging, and integrations with popular plugins.

2K No CVEs
Notifications for Forms & WordPress Actions

Notifications for Forms & WordPress Actions

notifier

A
96

Send WhatsApp notifications for form submissions from CF7, Gravity Forms, WPForms and more and WordPress actions using WhatsApp Business API

1K 3 CVEs
ShopMagic – Twilio SMS

ShopMagic – Twilio SMS

shopmagic-for-twilio

A
100

Send WooCommerce SMS notifications, reminders, and text messages to your customers. The plugin is the ShopMagic add-on and it lets you send sms remind …

800 No CVEs
Developer Profile

SMS Extension for Contact Form 7 Developer Profile

Kofi Mokome

3 plugins · 1K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
105 days
View full developer profile
Detection Fingerprints

How We Detect SMS Extension for Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cf7-sms-extension/includes/freemius/assets/css/freemius-sdk.css/wp-content/plugins/cf7-sms-extension/includes/freemius/assets/js/freemius-sdk.js
Script Paths
/wp-content/plugins/cf7-sms-extension/includes/freemius/start.php
Version Parameters
cf7-sms-extension/includes/freemius/assets/css/freemius-sdk.css?ver=cf7-sms-extension/includes/freemius/assets/js/freemius-sdk.js?ver=

HTML / DOM Fingerprints

CSS Classes
kmcf7se-sms-extension-options
Data Attributes
data-fs-product-id="13504"data-fs-slug="cf7-sms-extension"
JS Globals
kmcf7se_fs
FAQ

Frequently Asked Questions about SMS Extension for Contact Form 7