WP-Safety

WPSyncSheets For Contact Form 7 – CF7 Google Sheets Connector & Save to Database Security & Risk Analysis

wordpress.org/plugins/contactsheets-lite

Connect Contact Form 7 submissions to Google Sheets to sync your form entries and save all cf7 forms submitted data to the database.

400 active installs v1.7.0 PHP 7.4+ WP 5.3+ Updated Mar 12, 2026
cf7cf7-databasecfdb7contact-form-7google-sheets
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WPSyncSheets For Contact Form 7 – CF7 Google Sheets Connector & Save to Database Safe to Use in 2026?

Generally Safe

Score 100/100

WPSyncSheets For Contact Form 7 – CF7 Google Sheets Connector & Save to Database has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 22d ago
Risk Assessment

The contact sheets-lite plugin v1.7.0 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The plugin demonstrates good practices by implementing robust nonce and capability checks for its AJAX handlers, and a very high percentage of SQL queries utilize prepared statements, significantly reducing the risk of SQL injection. The absence of known CVEs and a clean vulnerability history further contributes to this positive assessment, suggesting a well-maintained and secure codebase.

However, there are a few areas that warrant attention. The presence of 4 flows with unsanitized paths in the taint analysis, one of which is flagged as high severity, is the most significant concern. While the static analysis reports no direct vulnerabilities from these, unsanitized paths can lead to directory traversal or other file system-related vulnerabilities if not handled carefully in the logic. Additionally, while the majority of output is properly escaped, a 22% rate of unescaped output, though not critical, still presents a potential cross-site scripting (XSS) vector if sensitive data is involved. The use of the Guzzle library, if not kept up-to-date, could also introduce risks.

Key Concerns

  • High severity taint flow with unsanitized path
  • Unsanitized paths found in taint flows
  • Percentage of unescaped output
  • Bundled Guzzle library (potential for outdated versions)
Vulnerabilities
None known

WPSyncSheets For Contact Form 7 – CF7 Google Sheets Connector & Save to Database Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WPSyncSheets For Contact Form 7 – CF7 Google Sheets Connector & Save to Database Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
39 prepared
Unescaped Output
102
362 escaped
Nonce Checks
17
Capability Checks
14
File Operations
2
External Requests
1
Bundled Libraries
1

Bundled Libraries

Guzzle

SQL Query Safety

93% prepared42 total queries

Output Escaping

78% escaped464 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

12 flows4 with unsanitized paths
wpsslc_review_notice_message (includes\class-wpsslc-notifications.php:133)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WPSyncSheets For Contact Form 7 – CF7 Google Sheets Connector & Save to Database Attack Surface

Entry Points6
Unprotected0

AJAX Handlers 6

authwp_ajax_install_and_activate_pluginincludes\class-wpsslc-plugin-settings.php:59
authwp_ajax_wpssc_toggle_form_statusincludes\class-wpsslc-plugin-settings.php:61
authwp_ajax_wpssc_toggle_db_statusincludes\class-wpsslc-plugin-settings.php:63
authwp_ajax_wpsslc_reset_settingsincludes\class-wpsslc-service.php:74
authwp_ajax_wpsslc_clear_sheetincludes\class-wpsslc-service.php:75
authwp_ajax_wpsslc_get_sheets_listincludes\class-wpsslc-service.php:77
WordPress Hooks 19
actionadmin_enqueue_scriptsfeedback\users-feedback.php:22
actionadmin_initfeedback\users-feedback.php:25
actionadmin_headfeedback\users-feedback.php:28
actionadmin_initincludes\class-wpsslc-notifications.php:35
actionadmin_noticesincludes\class-wpsslc-notifications.php:81
actionadmin_noticesincludes\class-wpsslc-notifications.php:192
actionadmin_menuincludes\class-wpsslc-plugin-settings.php:52
actionadmin_enqueue_scriptsincludes\class-wpsslc-plugin-settings.php:53
actionadmin_enqueue_scriptsincludes\class-wpsslc-plugin-settings.php:54
filterplugin_row_metaincludes\class-wpsslc-plugin-settings.php:55
actionadmin_initincludes\class-wpsslc-plugin-settings.php:62
filterwpcf7_editor_panelsincludes\class-wpsslc-service.php:68
actionwpcf7_after_saveincludes\class-wpsslc-service.php:69
actionwpcf7_before_send_mailincludes\class-wpsslc-service.php:70
actionwpcf7_before_send_mailincludes\class-wpsslc-service.php:71
actionwpcf7_before_send_mailincludes\class-wpsslc-service.php:72
actioninitsrc\class-contactsheetslite.php:48
actioninitwpsyncsheets-lite-contact-form-7.php:90
actionadmin_noticeswpsyncsheets-lite-contact-form-7.php:112
Maintenance & Trust

WPSyncSheets For Contact Form 7 – CF7 Google Sheets Connector & Save to Database Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 12, 2026
PHP min version7.4
Downloads63K

Community Trust

Rating90/100
Number of ratings8
Active installs400
Alternatives

WPSyncSheets For Contact Form 7 – CF7 Google Sheets Connector & Save to Database Alternatives

Database Addon for Contact Form 7 – CFDB7

Database Addon for Contact Form 7 – CFDB7

contact-form-cfdb7

A
90

Save and manage Contact Form 7 messages. Never lose important data. It is a lightweight contact form 7 database plugin.

600K 7 CVEs
GSheetConnector for CF7 – Connect Contact Form 7 to Google Sheets and Send Form Submissions in Real Time

GSheetConnector for CF7 – Connect Contact Form 7 to Google Sheets and Send Form Submissions in Real Time

cf7-google-sheets-connector

A
96

Send your Contact Form 7 data directly to your Google Sheets spreadsheet.

40K 4 CVEs
Database for CF7

Database for CF7

database-for-cf7

A
92

Save CF7 submitted form informations into your WordPress database.

2K 1 CVE
EP Exporter for Contact Form 7 (CF7)

EP Exporter for Contact Form 7 (CF7)

ep-exporter-for-cf7

A
100

Smart and lightweight Contact Form 7 data exporter. Export your CF7 or CFDB7 submissions to CSV with advanced filtering options.

200 No CVEs
PeproDev CF7 SMS Notifier

PeproDev CF7 SMS Notifier

pepro-cf7-sms-notifier

A
85

Send notifications to User and Admins upon Contact Form 7 Submission

20 No CVEs
Developer Profile

WPSyncSheets For Contact Form 7 – CF7 Google Sheets Connector & Save to Database Developer Profile

Creative Werk Designs

6 plugins · 2K total installs

100
trust score
Avg Security Score
100/100
Avg Patch Time
4 days
View full developer profile
Detection Fingerprints

How We Detect WPSyncSheets For Contact Form 7 – CF7 Google Sheets Connector & Save to Database

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/contactsheets-lite/feedback/js/admin-feedback.js/wp-content/plugins/contactsheets-lite/feedback/css/admin-feedback.css
Version Parameters
contactsheets-lite/feedback/js/admin-feedback.js?ver=contactsheets-lite/feedback/css/admin-feedback.css?ver=

HTML / DOM Fingerprints

CSS Classes
wpssc-deactivation-containerwpssc-deactivation-responsewpssc-form-title--icon-wrapperwpssc-iconhide-feedback-popup
FAQ

Frequently Asked Questions about WPSyncSheets For Contact Form 7 – CF7 Google Sheets Connector & Save to Database