Does CF7 Views – Complete Entry Management for Contact Form 7 have any unpatched vulnerabilities?

No. All known vulnerabilities in CF7 Views – Complete Entry Management for Contact Form 7 have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is CF7 Views – Complete Entry Management for Contact Form 7 compatible with WordPress 6.9.4?

According to WordPress.org data, CF7 Views – Complete Entry Management for Contact Form 7 3.2.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is CF7 Views – Complete Entry Management for Contact Form 7 compatible with PHP 7.0+?

CF7 Views – Complete Entry Management for Contact Form 7 requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

CF7 Views – Complete Entry Management for Contact Form 7 Security Review

Safety Verdict

Is CF7 Views – Complete Entry Management for Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 100/100

CF7 Views – Complete Entry Management for Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The 'cf7-views' plugin version 3.2.2 exhibits a mixed security posture. While it demonstrates good practices in several areas, such as a low number of external HTTP requests and a decent percentage of SQL queries using prepared statements, there are notable concerns. The presence of an unprotected AJAX handler significantly increases the attack surface and poses a direct risk of unauthorized actions or unintended behavior. Furthermore, the taint analysis indicates a concerning number of flows with unsanitized paths, suggesting potential vulnerabilities related to how user-supplied data is processed, even though no critical or high severity issues were explicitly flagged in this analysis. The plugin's history of having no known CVEs is a positive indicator, suggesting a generally stable codebase, but it cannot negate the immediate risks identified in the static analysis.

In conclusion, while the absence of historical vulnerabilities is reassuring, the current version of 'cf7-views' is not without risk. The unprotected AJAX endpoint is a clear vulnerability that should be addressed promptly. The taint analysis findings, though not immediately critical, warrant further investigation and careful handling of any user-supplied input. The plugin's strengths lie in its limited external interactions and a moderate use of security best practices for SQL. However, these are overshadowed by the identified attack vectors and potential data handling weaknesses that could be exploited by attackers.

Key Concerns

Unprotected AJAX handler
Flows with unsanitized paths (taint analysis)
Output escaping not fully implemented

Vulnerabilities

None known

CF7 Views – Complete Entry Management for Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

CF7 Views – Complete Entry Management for Contact Form 7 Code Analysis

Dangerous Functions

0

Raw SQL Queries

3

10 prepared

Unescaped Output

45

100 escaped

Nonce Checks

7

Capability Checks

9

File Operations

6

External Requests

0

Bundled Libraries

0

SQL Query Safety

77% prepared13 total queries

Output Escaping

69% escaped145 total outputs

Data Flows

8 unsanitized

Data Flow Analysis

12 flows8 with unsanitized paths

get_form_fields (inc\admin\class-cf7-views-ajax.php:13)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

CF7 Views – Complete Entry Management for Contact Form 7 Attack Surface

Entry Points6

Unprotected1

AJAX Handlers 5

authwp_ajax_cf7_views_get_form_fieldsinc\admin\class-cf7-views-ajax.php:6

authwp_ajax_cf7_views_create_viewinc\admin\class-cf7-views-ajax.php:8

authwp_ajax_cf7_save_viewinc\admin\class-cf7-views-ajax.php:10

authwp_ajax_cf7_views_search_entriesinc\admin\entries\class-cf7-views-frontend-query.php:28

noprivwp_ajax_cf7_views_search_entriesinc\admin\entries\class-cf7-views-frontend-query.php:29

Shortcodes 1

[cf7-views] inc\class-cf7-views-shortcode.php:11

WordPress Hooks 35

actionplugins_loadedcf7-views.php:34

actionplugins_loadedcf7-views.php:35

actionadmin_noticescf7-views.php:39

actionadmin_enqueue_scriptscf7-views.php:108

actionwp_enqueue_scriptscf7-views.php:110

actionadmin_menuinc\admin\class-cf7-views-editor.php:6

actionadmin_menuinc\admin\class-cf7-views-list-table.php:6

filterviews_edit-cf7-viewsinc\admin\class-cf7-views-list-table.php:7

filterget_edit_post_linkinc\admin\class-cf7-views-list-table.php:8

filterpost_row_actionsinc\admin\class-cf7-views-list-table.php:9

actionadd_meta_boxesinc\admin\class-cf7-views-metabox.php:7

actionsave_postinc\admin\class-cf7-views-metabox.php:8

actioninitinc\admin\class-cf7-views-posttype.php:6

filtermanage_cf7-views_posts_columnsinc\admin\class-cf7-views-posttype.php:7

actionmanage_cf7-views_posts_custom_columninc\admin\class-cf7-views-posttype.php:8

actionadmin_menuinc\admin\class-cf7-views-support.php:5

actionadmin_menuinc\admin\class-cf7-views-upgrade-to-pro-page.php:5

actionadmin_menuinc\admin\entries\class-cf7-views-entries-admin.php:34

actionadmin_menuinc\admin\entries\class-cf7-views-entries-admin.php:37

actionadmin_initinc\admin\entries\class-cf7-views-entries-admin.php:38

actionadmin_enqueue_scriptsinc\admin\entries\class-cf7-views-entries-admin.php:39

actionadmin_noticesinc\admin\entries\class-cf7-views-entries-admin.php:126

actionadmin_noticesinc\admin\entries\class-cf7-views-entries-admin.php:135

actionplugins_loadedinc\admin\entries\class-cf7-views-entries-db.php:41

actionadmin_noticesinc\admin\entries\class-cf7-views-entries-list-table.php:113

actionwpcf7_before_send_mailinc\admin\entries\class-cf7-views-entry-capture.php:31

actionwpcf7_mail_sentinc\admin\entries\class-cf7-views-entry-capture.php:34

filtercf7_views_query_datainc\admin\entries\class-cf7-views-frontend-query.php:26

filtercf7_views_available_fieldsinc\admin\entries\class-cf7-views-frontend-query.php:27

actioninitinc\admin\review\class-cf7-views-review.php:15

actionadmin_noticesinc\admin\review\class-cf7-views-review.php:25

actionnetwork_admin_noticesinc\admin\review\class-cf7-views-review.php:26

actionuser_admin_noticesinc\admin\review\class-cf7-views-review.php:27

actionwpcf7_after_flamingoinc\class-cf7-views-image-upload.php:86

actionelementor/widgets/registerinc\elementor\class-cf7-views-elementor-widget-init.php:14

Maintenance & Trust

CF7 Views – Complete Entry Management for Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 9, 2026

PHP min version7.0

Downloads43K

Community Trust

Rating92/100

Number of ratings17

Active installs1K

Alternatives

CF7 Views – Complete Entry Management for Contact Form 7 Alternatives

Database Addon for Contact Form 7 – CFDB7

contact-form-cfdb7

A

90

Save and manage Contact Form 7 messages. Never lose important data. It is a lightweight contact form 7 database plugin.

600K 7 CVEs

CF7 Apps – Honeypot, Database, Redirection, Webhook, and Addons for Contact Form 7

contact-form-7-honeypot

A

100

Addons for Contact Form 7 — Honeypot, Database Entries, Redirection, Spam Protection, Webhooks, ACF integration for Contact Form 7, and more.

300K No CVEs

Advanced Contact form 7 DB

advanced-cf7-db

B

83

Save all contact form 7 form submitted data to the database, View, Ordering, Change field labels and Import/Export data using CSV.

70K 6 CVEs

WP-DBManager

wp-dbmanager

A

89

Manages your WordPress database.

60K 5 CVEs

Product Slider, Product Carousel and Product Grid Gallery for WooCommerce – WooProduct Slider

woo-product-slider

A

99

Display your WooCommerce products in a responsive Product Slider, Product Carousel, or Product Grid Gallery with easy customization.

20K 2 CVEs

Developer Profile

CF7 Views – Complete Entry Management for Contact Form 7 Developer Profile

Aman

11 plugins · 8K total installs

76

trust score

Avg Security Score

95/100

Avg Patch Time

138 days

View full developer profile

Detection Fingerprints

How We Detect CF7 Views – Complete Entry Management for Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cf7-views/assets/css/sweetalert2.min.css/wp-content/plugins/cf7-views/assets/js/sweetalert2.min.js/wp-content/plugins/cf7-views/assets/css/admin.css/wp-content/plugins/cf7-views/assets/js/admin.js/wp-content/plugins/cf7-views/assets/css/font-awesome.css/wp-content/plugins/cf7-views/assets/css/pure-min.css/wp-content/plugins/cf7-views/assets/css/grids-responsive-min.css/wp-content/plugins/cf7-views/assets/css/cf7-views-editor.css+3 more

Script Paths

/wp-content/plugins/cf7-views/assets/js/sweetalert2.min.js/wp-content/plugins/cf7-views/assets/js/admin.js/wp-content/plugins/cf7-views/build/static/js/main.js/wp-content/plugins/cf7-views/build/static/js/vendors~main.js

Version Parameters

cf7-views/assets/css/sweetalert2.min.css?ver=cf7-views/assets/js/sweetalert2.min.js?ver=cf7-views/assets/css/admin.css?ver=cf7-views/assets/js/admin.js?ver=cf7-views/assets/css/font-awesome.css?ver=cf7-views/assets/css/pure-min.css?ver=cf7-views/assets/css/grids-responsive-min.css?ver=cf7-views/assets/css/cf7-views-editor.css?ver=cf7-views/build/static/js/main.js?ver=cf7-views/build/static/js/vendors~main.js?ver=cf7-views/assets/css/cf7-views-display.css?ver=

HTML / DOM Fingerprints

CSS Classes

cf7-views-entries-admin

JS Globals

cf7_views_admin

FAQ

CF7 Views – Complete Entry Management for Contact Form 7 Security & Risk Analysis