WP-Safety

WeClapp Integration for Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/cf7-weclapp-integration

Send user form input to WeClapp to add new contacts/leads/customers recipients.

10 active installs v1.2.2 PHP 5.5+ WP 4.6+ Updated Jun 27, 2022
cf7contact-form-7contact-form-7-addoncontact-form-7-integrationweclapp
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is WeClapp Integration for Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 85/100

WeClapp Integration for Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The plugin "cf7-weclapp-integration" v1.2.2 presents a mixed security posture. On one hand, the absence of known CVEs and a history of no recorded vulnerabilities suggest a generally secure development practice and a low likelihood of immediate exploitation via known weaknesses. The code also exhibits good practices by utilizing prepared statements for all SQL queries and avoiding external HTTP requests, which are common vectors for vulnerabilities. However, significant concerns arise from the static analysis. The plugin exposes a single AJAX handler without any authentication or capability checks, creating a direct, unprotected entry point. Furthermore, a critical finding is that 100% of its output is not properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. While taint analysis found no immediate critical or high-severity flows, the unescaped output and unprotected AJAX handler are substantial weaknesses that attackers could exploit. The plugin's strengths lie in its lack of known vulnerabilities and secure SQL handling, but these are overshadowed by the critical issues of an unprotected AJAX endpoint and pervasive output escaping failures.

Key Concerns

  • AJAX handler without authentication check
  • 100% of outputs not properly escaped (XSS risk)
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

WeClapp Integration for Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WeClapp Integration for Contact Form 7 Release Timeline

v1.2.2Current
v1.2.1
v1.2
v1.1
v1.0
Code Analysis
Analyzed Mar 17, 2026

WeClapp Integration for Contact Form 7 Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
10
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
3
External Requests
0
Bundled Libraries
1

Bundled Libraries

Guzzle

Output Escaping

0% escaped10 total outputs
Attack Surface
1 unprotected

WeClapp Integration for Contact Form 7 Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_dismiss_admin_notificationvendor-prefixed\pxlrbt\wordpress-notifier\src\Notifier.php:51
WordPress Hooks 6
actionwpcf7_save_contact_formclasses\Config\FormConfigController.php:31
filterwpcf7_editor_panelsclasses\Config\FormConfigController.php:32
actionwpcf7_mail_sentclasses\Frontend.php:49
actiondelete_postclasses\Plugin.php:29
actionadmin_noticesvendor-prefixed\pxlrbt\wordpress-notifier\src\Notifier.php:50
actionadmin_footervendor-prefixed\pxlrbt\wordpress-notifier\src\Notifier.php:52
Maintenance & Trust

WeClapp Integration for Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested5.4.19
Last updatedJun 27, 2022
PHP min version5.5
Downloads4K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

WeClapp Integration for Contact Form 7 Alternatives

CleverReach Integration for Contact Form 7

CleverReach Integration for Contact Form 7

cf7-cleverreach-integration

A
85

Connect your Contact Form 7 forms with your CleverReach account.

700 No CVEs
GSheetConnector for CF7 – Connect Contact Form 7 to Google Sheets and Send Form Submissions in Real Time

GSheetConnector for CF7 – Connect Contact Form 7 to Google Sheets and Send Form Submissions in Real Time

cf7-google-sheets-connector

A
96

Send your Contact Form 7 data directly to your Google Sheets spreadsheet.

40K 4 CVEs
Popups – Submission Messages For Contact Form 7

Popups – Submission Messages For Contact Form 7

cf7-popups

A
100

Display contact form 7 default messages in stylish popup as user submits the form.

3K No CVEs
CF7 Notie

CF7 Notie

cf7-notie

A
85

Display Contact Form 7 response messages as an alternative the standard alert dialog.

70 No CVEs
CF7 LACRM Connector

CF7 LACRM Connector

lacrm-connector-for-contact-form7

A
85

Send your Contact Form 7 data directly to your Less Annoying CRM account.

20 No CVEs
Developer Profile

WeClapp Integration for Contact Form 7 Developer Profile

pixelarbeit

2 plugins · 710 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WeClapp Integration for Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cf7-weclapp-integration/css/style.css/wp-content/plugins/cf7-weclapp-integration/js/script.js/wp-content/plugins/cf7-weclapp-integration/css/bootstrap.css
Script Paths
/wp-content/plugins/cf7-weclapp-integration/js/script.js
Version Parameters
cf7-weclapp-integration/css/style.css?ver=cf7-weclapp-integration/js/script.js?ver=cf7-weclapp-integration/css/bootstrap.css?ver=

HTML / DOM Fingerprints

CSS Classes
cf7-weclapp-settings-page
HTML Comments
<!-- Settings Page for WeClapp Integration --><!-- End Settings Page -->
Data Attributes
data-weclapp-form-id
JS Globals
cf7_weclapp_ajax_object
FAQ

Frequently Asked Questions about WeClapp Integration for Contact Form 7