WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Security & Risk Analysis

Send Contact Form 7, WPForms, Elementor, Ninja Forms, Contact Form Entries Plugin and many other contact form submissions to Zendesk.

500 active installs v1.1.6 PHP 5.3+ WP 3.8+ Updated Feb 23, 2026

contact-form-7-zendeskelementor-forms-zendeskninja-forms-zendeskwpforms-zendeskzendesk-form

A · Safe

CVEs total3

Unpatched0

Last CVEMar 2, 2026

Plugin page Download

Safety Verdict

Is WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Safe to Use in 2026?

Generally Safe

Score 95/100

WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Mar 2, 2026Updated 1mo ago

Risk Assessment

The 'cf7-zendesk' plugin v1.1.6 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by implementing a significant number of nonce checks (17) and capability checks (23), suggesting an effort to secure its functionalities. The absence of an exposed attack surface in terms of AJAX handlers, REST API routes, shortcodes, and cron events is also a strong positive indicator. However, the presence of two flows with unsanitized paths in the taint analysis, classified as high severity, indicates potential vulnerabilities that could allow for unauthorized data manipulation or code execution if exploited.

The vulnerability history reveals a pattern of past issues, including Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF), which are common and potentially severe vulnerabilities. While there are currently no unpatched CVEs, the existence of three past CVEs, including one high-severity vulnerability, warrants attention. This history suggests a tendency for vulnerabilities to arise, particularly concerning input sanitization and authorization. The last reported vulnerability in 2026 is concerning if this data is from the present; otherwise, it indicates a recent history of issues.

In conclusion, while the plugin has strengths in its limited attack surface and implementation of security checks, the high-severity taint flows and the history of XSS and CSRF vulnerabilities are significant concerns. Developers should prioritize addressing the identified unsanitized paths and maintaining vigilance regarding input validation to prevent future security incidents. The absence of directly exploitable entry points is a strength, but the underlying code quality, as indicated by taint analysis and historical CVEs, requires ongoing scrutiny.

Key Concerns

High severity taint flows with unsanitized paths
Past high severity vulnerability
Past medium severity vulnerabilities
Unescaped output identified
External HTTP requests

Vulnerabilities

WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Security Vulnerabilities

CVEs by Year

1 CVE in 2021

2021

1 CVE in 2025

2025

1 CVE in 2026

2026

Patched Has unpatched

Severity Breakdown

High

Medium

3 total CVEs

CVE-2026-2568high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.5 - Unauthenticated Stored Cross-Site Scripting

Mar 2, 2026 Patched in 1.1.6 (1d)

CVE-2025-32269medium · 4.3Cross-Site Request Forgery (CSRF)

WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.3 - Cross-Site Request Forgery

Apr 4, 2025 Patched in 1.1.4 (19d)

WF-cc1e9778-2860-4e3c-a2e4-28f10d585fed-cf7-zendeskmedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CRM Perks - Various Plugins (Various Versions) - Reflected Cross-Site Scripting

Aug 26, 2021 Patched in 1.0.8 (880d)

Code Analysis

Analyzed Mar 16, 2026

WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Code Analysis

Dangerous Functions

Raw SQL Queries

25 prepared

Unescaped Output

305 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

SQL Query Safety

76% prepared33 total queries

Output Escaping

76% escaped402 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths

settings_page (includes\plugin-pages.php:1474)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 39

actionplugins_loadedcf7-zendesk.php:58

actioncfx_form_submittedcf7-zendesk.php:93

actionvxcf_entry_createdcf7-zendesk.php:94

actionvx_contact_createdcf7-zendesk.php:95

actionvx_callcenter_entry_createdcf7-zendesk.php:96

filterwpcf7_before_send_mailcf7-zendesk.php:98

actionfrm_after_create_entrycf7-zendesk.php:100

actionninja_forms_after_submissioncf7-zendesk.php:101

actionwpforms_process_entry_savecf7-zendesk.php:102

actionelementor_pro/forms/new_recordcf7-zendesk.php:104

actioninitcf7-zendesk.php:108

actionvx_cf_add_meta_boxincludes\crmperks-cf.php:10

actioncfx_add_meta_boxincludes\plugin-pages.php:31

actioncfx_form_entry_updatedincludes\plugin-pages.php:32

actioncfx_form_post_note_addedincludes\plugin-pages.php:33

actioncfx_form_pre_note_deletedincludes\plugin-pages.php:34

actioncfx_form_pre_trash_leadsincludes\plugin-pages.php:35

actioncfx_form_pre_restore_leadsincludes\plugin-pages.php:36

filteradmin_menuincludes\plugin-pages.php:48

filtervx_cf_meta_boxes_rightincludes\plugin-pages.php:49

actionadmin_noticesincludes\plugin-pages.php:50

filterplugin_action_linksincludes\plugin-pages.php:51

actionvxcf_entry_submit_btnincludes\plugin-pages.php:52

actionvx_cf7_post_note_addedincludes\plugin-pages.php:54

actionvx_cf7_pre_note_deletedincludes\plugin-pages.php:55

actionvx_cf7_pre_trash_leadsincludes\plugin-pages.php:56

actionvx_cf7_pre_restore_leadsincludes\plugin-pages.php:57

actionvx_cf7_entry_updatedincludes\plugin-pages.php:58

actionvx_contact_post_note_addedincludes\plugin-pages.php:60

actionvx_contact_pre_note_deletedincludes\plugin-pages.php:61

actionvx_contact_pre_trash_leadsincludes\plugin-pages.php:62

actionvx_contact_pre_restore_leadsincludes\plugin-pages.php:63

actionvx_contact_entry_updatedincludes\plugin-pages.php:64

filtervx_callcenter_entries_actionincludes\plugin-pages.php:66

filtervx_callcenter_bulk_actionsincludes\plugin-pages.php:67

filterplugin_row_metawp\crmperks-notices.php:16

filteradmin_footer_textwp\crmperks-notices.php:24

actionadmin_noticeswp\crmperks-notices.php:26

filterplugins_apiwp\crmperks-notices.php:28

Maintenance & Trust

WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 23, 2026

PHP min version5.3

Downloads14K

Community Trust

Rating100/100

Number of ratings12

Active installs500

Alternatives

WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Alternatives

No alternatives data available yet.

Developer Profile

WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Developer Profile

CRM Perks

32 plugins · 105K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

349 days

View full developer profile

Detection Fingerprints

How We Detect WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cf7-zendesk/css/style.css/wp-content/plugins/cf7-zendesk/js/main.js/wp-content/plugins/cf7-zendesk/css/select2.min.css/wp-content/plugins/cf7-zendesk/js/select2.min.js/wp-content/plugins/cf7-zendesk/js/intlTelInput.min.js/wp-content/plugins/cf7-zendesk/css/intlTelInput.css/wp-content/plugins/cf7-zendesk/js/phone-number.js

Script Paths

/wp-content/plugins/cf7-zendesk/js/main.js/wp-content/plugins/cf7-zendesk/js/select2.min.js/wp-content/plugins/cf7-zendesk/js/intlTelInput.min.js/wp-content/plugins/cf7-zendesk/js/phone-number.js

Version Parameters

cf7-zendesk/css/style.css?ver=cf7-zendesk/js/main.js?ver=cf7-zendesk/css/select2.min.css?ver=cf7-zendesk/js/select2.min.js?ver=cf7-zendesk/js/intlTelInput.min.js?ver=cf7-zendesk/css/intlTelInput.css?ver=cf7-zendesk/js/phone-number.js?ver=

HTML / DOM Fingerprints

CSS Classes

vxcf_form_fields

Data Attributes

data-crm-id="vxcf_zendesk"data-crm-type="vxcf_zendesk"

JS Globals

vxcf_zendesk_objvxcf_phone_number_objvxcf_select2_obj

FAQ