Conditional fields in Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/conditional-fields-in-contact-form-7

Adds conditional logic to Contact Form 7.

30 active installs · v1.0.4 · PHP 5.3+ · WP 4.1+ · Updated May 15, 2022
cfcf7, contact-form-7
Score 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Conditional fields in Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 85/100

Conditional fields in Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3yr ago
Risk Assessment

The plugin "conditional-fields-in-contact-form-7" v1.0.4 exhibits several concerning security practices despite a clean vulnerability history. A significant portion of its attack surface consists of AJAX handlers that lack proper authentication checks, creating potential entry points for unauthorized actions. Furthermore, a substantial percentage of output is not properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is mishandled.

The absence of nonce checks on these unprotected AJAX handlers is a critical oversight. While there are no recorded CVEs and the taint analysis shows no immediate critical or high severity issues, the static analysis reveals weaknesses that could be exploited. The plugin demonstrates good practice with prepared SQL statements, but this is overshadowed by the issues with AJAX authentication and output escaping.

In conclusion, while the plugin has no known historical vulnerabilities, its current implementation presents tangible risks due to unprotected AJAX endpoints and insufficient output escaping. These factors necessitate careful review and potential remediation to improve its overall security posture.

Key Concerns

  • AJAX handlers without auth checks
  • Low percentage of properly escaped output
  • Missing nonce checks on AJAX
Vulnerabilities
None known

Conditional fields in Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Conditional fields in Contact Form 7 Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 76 (14 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

16% escaped · 90 total outputs
Attack Surface
3 unprotected

Conditional fields in Contact Form 7 Attack Surface

Entry Points: 3
Unprotected: 3

AJAX Handlers 3

auth    wp_ajax_cfcf7_dismiss_notice    cfcf7-options.php:299
auth    wp_ajax_cf7mls_validation       cfcf7.php:25
nopriv  wp_ajax_cf7mls_validation       cfcf7.php:26
WordPress Hooks 20
action  admin_enqueue_scripts            admin.php:3
filter  wpcf7_editor_panels              admin.php:15
filter  wpcf7_copy                       admin.php:112
action  wpcf7_after_save                 admin.php:124
action  wpcf7_save_contact_form          admin.php:138
action  admin_enqueue_scripts            cfcf7-options.php:47
action  admin_menu                       cfcf7-options.php:54
action  admin_init                       cfcf7-options.php:290
action  plugins_loaded                   cfcf7.php:10
action  wpcf7_init                       cfcf7.php:16
action  admin_init                       cfcf7.php:19
filter  wpcf7_posted_data                cfcf7.php:22
filter  wpcf7_posted_data                cfcf7.php:29
filter  wpcf7_validate                   cfcf7.php:31
action  wpcf7_config_validator_validate  cfcf7.php:34
action  wpcf7_before_send_mail           cfcf7.php:37
filter  wpcf7_contact_form_properties    cfcf7.php:271
action  wpcf7_form_hidden_fields         cfcf7.php:316
filter  wpcf7_form_tag_data_option       cfcf7.php:346
action  wp_enqueue_scripts               cfcf7.php:363
Maintenance & Trust

Conditional fields in Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.9.13
Last updated: May 15, 2022
PHP min version: 5.3
Downloads: 10K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 30
Developer Profile

Conditional fields in Contact Form 7 Developer Profile

Pavel

3 plugins · 60 total installs

Trust score: 85
Avg Security Score: 87/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Conditional fields in Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
