WP-Safety

CF7 Woo Product Registration Security & Risk Analysis

wordpress.org/plugins/cf7-woo-product-registration

Add a form field to Contact Form 7 forms to include your products from WooCommerce to create a product registration form or return authorization (RMA) …

100 active installs v1.2 PHP 7.0+ WP 4.5+ Updated Feb 14, 2025
cf7contact-form-7product-registration-formrma-formwoocommerce
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is CF7 Woo Product Registration Safe to Use in 2026?

Generally Safe

Score 92/100

CF7 Woo Product Registration has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "cf7-woo-product-registration" v1.2 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and having a strong percentage of properly escaped output. The absence of known vulnerabilities in its history is also a positive indicator. However, significant concerns arise from its attack surface. The plugin exposes two AJAX handlers, both of which lack authentication checks. This is a critical oversight that could allow unauthenticated users to trigger potentially harmful actions within the plugin. The lack of nonce checks on these AJAX endpoints further exacerbates this risk, leaving them vulnerable to Cross-Site Request Forgery (CSRF) attacks. While taint analysis showed no immediate issues, the unprotected AJAX endpoints represent a significant entry point for potential exploitation.

Key Concerns

  • 2 AJAX handlers without auth checks
  • 0 Nonce checks
  • Low percentage of properly escaped output (73%)
Vulnerabilities
None known

CF7 Woo Product Registration Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

CF7 Woo Product Registration Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
20
53 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

73% escaped73 total outputs
Attack Surface
2 unprotected

CF7 Woo Product Registration Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_dd_cf7_get_wc_productspublic\class-cf7-woo-products-contact-form.php:24
noprivwp_ajax_dd_cf7_get_wc_productspublic\class-cf7-woo-products-contact-form.php:25
WordPress Hooks 17
filterplugin_action_linksadmin\admin-functions.php:2
filterplugin_row_metaadmin\admin-functions.php:20
actionadmin_initadmin\class-cf7-woo-products-cf7.php:12
actionload-post.phpadmin\class-cf7-woo-products-metaboxes.php:12
actionload-post-new.phpadmin\class-cf7-woo-products-metaboxes.php:13
actionadd_meta_boxesadmin\class-cf7-woo-products-metaboxes.php:20
actionsave_postadmin\class-cf7-woo-products-metaboxes.php:21
actionadmin_menuadmin\class-cf7-woo-products-settings.php:12
actionadmin_initadmin\class-cf7-woo-products-settings.php:13
actionbefore_woocommerce_initcf7-woo-products.php:89
actionplugins_loadedincludes\class-cf7-woo-products.php:143
actionadmin_enqueue_scriptsincludes\class-cf7-woo-products.php:157
actionwp_enqueue_scriptsincludes\class-cf7-woo-products.php:172
actionwp_enqueue_scriptsincludes\class-cf7-woo-products.php:173
actionwpcf7_initpublic\class-cf7-woo-products-contact-form.php:21
filterwpcf7_validate_wc_productspublic\class-cf7-woo-products-contact-form.php:22
filterwpcf7_validate_wc_products*public\class-cf7-woo-products-contact-form.php:23
Maintenance & Trust

CF7 Woo Product Registration Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedFeb 14, 2025
PHP min version7.0
Downloads4K

Community Trust

Rating100/100
Number of ratings2
Active installs100
Alternatives

CF7 Woo Product Registration Alternatives

ShopMagic for Contact Form 7 and WooCommerce

ShopMagic for Contact Form 7 and WooCommerce

shopmagic-for-contact-form-7

A
100

Allows creating WooCommerce marketing automation and emailing WordPress users based on Contact Form 7 submission. You can use this Contact Form 7 inte …

400 No CVEs
Codenitive CAPTCHA Security

Codenitive CAPTCHA Security

codenitive-captcha

A
100

Protect your WordPress and WooCommerce login, registration, and checkout Contact form 7 (cf7) forms with lightweight Google reCAPTCHA v2.

20 No CVEs
Database Addon for Contact Form 7 – CFDB7

Database Addon for Contact Form 7 – CFDB7

contact-form-cfdb7

A
90

Save and manage Contact Form 7 messages. Never lose important data. It is a lightweight contact form 7 database plugin.

600K 7 CVEs
Redirection for Contact Form 7

Redirection for Contact Form 7

wpcf7-redirect

A
88

Redirect to any page or URL, execute scripts after submission, save data to the database, and unlock additional submission actions for Contact Form 7.

200K 14 CVEs
Invisible reCaptcha for WordPress

Invisible reCaptcha for WordPress

invisible-recaptcha

A
85

Invisible reCaptcha for WordPress plugin helps you to protect your sites against bad spam bots using the new Invisible reCaptcha by Google.

90K No CVEs
Developer Profile

CF7 Woo Product Registration Developer Profile

thehowarde

6 plugins · 4K total installs

81
trust score
Avg Security Score
90/100
Avg Patch Time
33 days
View full developer profile
Detection Fingerprints

How We Detect CF7 Woo Product Registration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cf7-woo-product-registration/admin/assets/js/cf7-woo-products-admin.js/wp-content/plugins/cf7-woo-product-registration/assets/js/cf7-woo-products-public.js
Script Paths
admin/assets/cf7-woo-products-admin.min.jsassets/js/cf7-woo-products-public.js
Version Parameters
cf7-woo-products-admin.min.js?ver=cf7-woo-products-public.js?ver=

HTML / DOM Fingerprints

JS Globals
cf7_woo_products_ajax_object
FAQ

Frequently Asked Questions about CF7 Woo Product Registration