[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f716F3xJBpk6xyrs982Bno4NvFLMh2Enxy9FoxU4_vd0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":48,"crawl_stats":37,"alternatives":55,"analysis":56,"fingerprints":137},"cf7-summary-and-print","Contact Form 7 Submission Summary & PDF Print","1.3.1","Muhammad Rehman","https:\u002F\u002Fprofiles.wordpress.org\u002Fmuhammad-rehman\u002F","\u003Cp>\u003Cstrong>Give users the power to view and print their Contact Form 7 submission summary within seconds!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Contact Form 7 Summary and Print is a lightweight yet powerful add-on that allows users to \u003Cstrong>view a summary of the form data they submitted\u003C\u002Fstrong> and \u003Cstrong>print it\u003C\u002Fstrong> using a simple “Print Summary” button.\u003C\u002Fp>\n\u003Cp>You can also add a \u003Cstrong>custom message\u003C\u002Fstrong> that will appear after form submission — making the process more informative and polished.\u003C\u002Fp>\n\u003Ch3>🛠️ How It Works\u003C\u002Fh3>\n\u003Cp>After installation, the plugin adds a new menu:\u003Cbr \u002F>\n\u003Cstrong>Contact > Summary & Print\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Click the menu and configure the plugin settings.\u003C\u002Fli>\n\u003Cli>When users submit a form, they’ll see a structured summary of their input.\u003C\u002Fli>\n\u003Cli>If enabled, the “Print Summary” button appears for quick printing.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Want to disable printing? Simply leave the \u003Cstrong>Print Button Label\u003C\u002Fstrong> field empty.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cp>✅ Display a \u003Cstrong>summary of the user’s submitted form\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ Add a \u003Cstrong>“Print Summary”\u003C\u002Fstrong> button to the confirmation screen\u003Cbr \u002F>\n✅ \u003Cstrong>Enable\u002Fdisable\u003C\u002Fstrong> the print button\u003Cbr \u002F>\n✅ Show a \u003Cstrong>custom message\u003C\u002Fstrong> after form submission\u003Cbr \u002F>\n✅ Works with any existing Contact Form 7 forms\u003C\u002Fp>\n\u003Ch3>💎 PRO Features\u003C\u002Fh3>\n\u003Cp>Upgrade to \u003Cstrong>CF7 Summary and Print Pro\u003C\u002Fstrong> to unlock premium PDF capabilities:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>📄 View summary in \u003Cstrong>PDF format\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>🖼️ Add your \u003Cstrong>logo\u003C\u002Fstrong> to the PDF\u003C\u002Fli>\n\u003Cli>📍 Set \u003Cstrong>logo position\u003C\u002Fstrong> (left, center, right)\u003C\u002Fli>\n\u003Cli>🏷️ Add a \u003Cstrong>custom PDF header title\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>💧 Apply a \u003Cstrong>watermark\u003C\u002Fstrong> to the PDF\u003C\u002Fli>\n\u003Cli>⬇️ Allow users to \u003Cstrong>download the PDF\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>⚡\u003Ca href=\"https:\u002F\u002Fmuhammadrehman.me\u002Fcontact-form-7-to-pdf-viewer-pro\u002F\" rel=\"nofollow ugc\">Get Pro Features\u003C\u002Fa>\u003C\u002Fp>\n","Show a printable summary of Contact Form 7 submissions. Let users review and print their form data instantly. Upgrade to Pro for PDF export and brandi …",300,13120,96,4,"2025-06-14T09:46:00.000Z","6.8.5","4.5","7.4",[20,21,22,23],"cf7-view-summary","contact-form-print","form-summary","pdf-print","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcf7-summary-and-print.1.3.1.zip",99,1,0,"2024-07-11 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2024-38724","contact-form-7-summary-and-print-cross-site-request-forgery","Contact Form 7 Summary and Print \u003C= 1.2.5 - Cross-Site Request Forgery","The Contact Form 7 Summary and Print plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the cf7sp_save_settings() function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.2.5","1.2.6","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-11-25 19:19:20",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9f00b763-1b8a-4a20-96c6-7a93adf806e4?source=api-prod",138,{"slug":49,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":52,"avg_patch_time_days":47,"trust_score":53,"computed_at":54},"muhammad-rehman",5,1830,94,75,"2026-04-05T02:50:48.087Z",[],{"attackSurface":57,"codeSignals":103,"taintFlows":126,"riskAssessment":127,"analyzedAt":136},{"hooks":58,"ajaxHandlers":94,"restRoutes":100,"shortcodes":101,"cronEvents":102,"entryPointCount":27,"unprotectedCount":27},[59,66,70,74,78,83,87,91],{"type":60,"name":61,"callback":62,"priority":63,"file":64,"line":65},"filter","wpcf7_default_template","set_default_template",10,"includes\\admin\\class-cf7-sp-settings.php",28,{"type":60,"name":67,"callback":68,"priority":63,"file":64,"line":69},"wpcf7_contact_form_properties","add_new_property",29,{"type":60,"name":71,"callback":72,"priority":63,"file":64,"line":73},"wpcf7_save_contact_form","save_summary_tab",30,{"type":60,"name":75,"callback":76,"file":64,"line":77},"admin_enqueue_scripts","admin_script_style",31,{"type":79,"name":80,"callback":81,"file":64,"line":82},"action","admin_menu","register_sub_menu_cf7_summary",32,{"type":79,"name":84,"callback":85,"file":64,"line":86},"cf7sp_before_settings_loaded","cf7sp_save_settings",34,{"type":79,"name":88,"callback":89,"file":90,"line":65},"wp_enqueue_scripts","register_sp_script","includes\\class-cf7-sp-summary-print.php",{"type":79,"name":92,"callback":93,"file":90,"line":69},"admin_notices","notice_for_settings",[95],{"action":96,"nopriv":97,"callback":98,"hasNonce":97,"hasCapCheck":97,"file":64,"line":99},"cf7_hide_summary_notice",false,"cf7_hide_summary_notice_func",33,[],[],[],{"dangerousFunctions":104,"sqlUsage":105,"outputEscaping":107,"fileOperations":28,"externalRequests":28,"nonceChecks":117,"capabilityChecks":28,"bundledLibraries":118},[],{"prepared":28,"raw":28,"locations":106},[],{"escaped":108,"rawEcho":109,"locations":110},11,3,[111,114,116],{"file":64,"line":112,"context":113},58,"raw output",{"file":64,"line":115,"context":113},98,{"file":90,"line":86,"context":113},2,[119,122],{"name":120,"version":37,"knownCves":121},"Select2",[],{"name":123,"version":124,"knownCves":125},"Freemius","1.0",[],[],{"summary":128,"deductions":129},"The 'cf7-summary-and-print' plugin version 1.3.1 exhibits a mixed security posture. While it demonstrates good practices by exclusively using prepared statements for SQL queries and performing a reasonable percentage of output escaping (79%), significant concerns arise from its attack surface.  The presence of one AJAX handler without authentication checks presents a direct entry point for potential exploitation, which is a critical weakness. The plugin also includes bundled libraries like Select2 and Freemius v1.0, which, depending on their specific versions and any known vulnerabilities, could introduce further risks. \n\nThe vulnerability history shows one previously disclosed medium-severity CVE, specifically a Cross-Site Request Forgery (CSRF). Although currently patched, the existence of past vulnerabilities, particularly those involving CSRF, suggests potential areas for improvement in input validation and nonce implementation across all entry points. The taint analysis shows no critical or high-severity issues, which is a positive sign, but this might be an artifact of the limited scope of the analysis or the nature of the plugin's functionality. \n\nIn conclusion, while the plugin has some strengths, the unprotected AJAX handler is a notable security flaw that requires immediate attention. The past CSRF vulnerability also warrants a review of overall security hygiene. The limited attack surface in other areas is commendable, but the single unprotected entry point significantly lowers the overall security posture and necessitates mitigation.",[130,132,134],{"reason":131,"points":63},"Unprotected AJAX handler",{"reason":133,"points":63},"Past medium severity CVE (CSRF)",{"reason":135,"points":109},"Bundled library (Freemius v1.0)","2026-03-16T19:54:47.699Z",{"wat":138,"direct":147},{"assetPaths":139,"generatorPatterns":142,"scriptPaths":143,"versionParams":144},[140,141],"\u002Fwp-content\u002Fplugins\u002Fcf7-summary-and-print\u002Fassets\u002Fcss\u002Fcf7-sp-admin.css","\u002Fwp-content\u002Fplugins\u002Fcf7-summary-and-print\u002Fassets\u002Fjs\u002Fcf7-sp-admin.js",[],[141],[145,146],"cf7-sp-admin.css?ver=","cf7-sp-admin.js?ver=",{"cssClasses":148,"htmlComments":150,"htmlAttributes":151,"restEndpoints":158,"jsGlobals":159,"shortcodeOutput":160},[149],"cf7-form-list",[],[152,153,154,155,156,157],"name=\"cf7-enabled\"","name=\"cf7-enabled-for[]\"","name=\"cf7-summary-title\"","name=\"cf7-summary-msg-enabled\"","name=\"cf7-summary-msg\"","name=\"cf7-summary-btn\"",[],[],[]]