Contact Form 7 – InfusionSoft Add-on Security & Risk Analysis

wordpress.org/plugins/contact-form-7-infusionsoft-add-on

An add-on for Contact Form 7 that provides a way to capture leads, tag customers, and send contact form data to InfusionSoft.

200 active installs · v1.2.2 · PHP + · WP 3.8.2+ · Updated Sep 2, 2015
Tags: cf7, contact-form, contact-form-7, contact-forms-7, infusionsoft
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Contact Form 7 – InfusionSoft Add-on Safe to Use in 2026?

Generally Safe

Score 85/100

Contact Form 7 – InfusionSoft Add-on has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10yr ago
Risk Assessment

The plugin "contact-form-7-infusionsoft-add-on" v1.2.2 exhibits a generally strong security posture based on the provided static analysis. The absence of direct entry points like AJAX handlers, REST API routes, and shortcodes, as well as no cron events, significantly reduces the attack surface. Furthermore, the code demonstrates good practices by utilizing prepared statements for all SQL queries and including nonce checks. The lack of any known vulnerabilities or CVEs in its history is a positive indicator of its past security development. However, a notable concern is the low percentage of properly escaped output (27%), which suggests a risk of Cross-Site Scripting (XSS) vulnerabilities. While the taint analysis did not reveal critical or high severity issues, the presence of unsanitized paths in the two analyzed flows warrants attention. The single file operation is not inherently a risk without further context, but it's an area to be mindful of. Overall, the plugin has a solid foundation but requires improvement in output sanitization to mitigate potential XSS risks.

Key Concerns

  • Low percentage of properly escaped output
  • Taint analysis shows unsanitized paths
Vulnerabilities
None known

Contact Form 7 – InfusionSoft Add-on Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Contact Form 7 – InfusionSoft Add-on Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 95 (36 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Output Escaping

27% escaped · 131 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
<index> (src\xmlrpc-3.0\debugger\index.php:0)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

Contact Form 7 – InfusionSoft Add-on Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 9
  • action admin_notices (cf7-infusionsoft-addon.php:39)
  • action admin_enqueue_scripts (cf7-infusionsoft-addon.php:50)
  • action admin_init (cf7-infusionsoft-addon.php:63)
  • action wpcf7_add_meta_boxes (cf7-infusionsoft-addon.php:74)
  • action wpcf7_editor_panels (cf7-infusionsoft-addon.php:86)
  • action wpcf7_after_save (cf7-infusionsoft-addon.php:136)
  • action wpcf7_mail_sent (cf7-infusionsoft-addon.php:152)
  • action admin_init (cf7-infusionsoft-options.php:7)
  • action admin_menu (cf7-infusionsoft-options.php:12)
Maintenance & Trust

Contact Form 7 – InfusionSoft Add-on Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.3.34
Last updated: Sep 2, 2015
PHP min version
Downloads: 14K

Community Trust

Rating: 100/100
Number of ratings: 11
Active installs: 200
Developer Profile

Contact Form 7 – InfusionSoft Add-on Developer Profile

Ryan Nevius

2 plugins · 10K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Contact Form 7 – InfusionSoft Add-on

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/contact-form-7-infusionsoft-add-on/cf7-infusionsoft-scripts.js
Script Paths
/wp-content/plugins/contact-form-7-infusionsoft-add-on/cf7-infusionsoft-scripts.js

HTML / DOM Fingerprints

CSS Classes
wpcf7-tg-pane-infusionsoft
Data Attributes
cf7_infusionsoft_addon_metaboxes_nonce, infusionsoft-email, infusionsoft-first-name, infusionsoft-last-name, infusionsoft-company, infusionsoft-phone, +2 more
JS Globals
cf7_infusionsoft_scripts