WP-Safety

CUB Form Database Manager Security & Risk Analysis

wordpress.org/plugins/cub-cf7db

CUB - CF7DB: Save Contact Form 7 data to WordPress database. Manage, search, and export form entries easily in WP admin.

0 active installs v1.0.2 PHP 7.2+ WP 5.0+ Updated Jun 1, 2025
cf7-extensioncontact-form-7contact-form-databasedatabaseform-submissions
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is CUB Form Database Manager Safe to Use in 2026?

Generally Safe

Score 100/100

CUB Form Database Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10mo ago
Risk Assessment

The "cub-cf7db" v1.0.2 plugin presents a mixed security posture. While it demonstrates good practices by largely utilizing prepared statements for SQL queries and having a high percentage of properly escaped outputs, several significant security concerns exist. The plugin has a substantial attack surface with 4 AJAX handlers, all of which lack authentication checks. This is a critical vulnerability that could allow unauthenticated users to trigger potentially harmful actions. Furthermore, the taint analysis reveals 3 high-severity flows with unsanitized paths, indicating potential for injection attacks if these flows are exposed through the unprotected AJAX endpoints.

The vulnerability history is currently clean, with no recorded CVEs. This suggests that while the plugin might have had vulnerabilities in the past, there are no currently known exploitable issues. However, the lack of recent history should not be interpreted as a guarantee of future security, especially given the identified weaknesses in the current version's code. The presence of bundled libraries like DataTables and Select2 also warrants attention, as outdated versions of these libraries can introduce vulnerabilities. In conclusion, the plugin has some positive security attributes but is significantly weakened by its unprotected AJAX endpoints and high-severity unsanitized taint flows. These issues require immediate attention to mitigate potential security risks.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
Vulnerabilities
None known

CUB Form Database Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

CUB Form Database Manager Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
8 prepared
Unescaped Output
9
32 escaped
Nonce Checks
2
Capability Checks
5
File Operations
4
External Requests
0
Bundled Libraries
2

Bundled Libraries

DataTablesSelect2

SQL Query Safety

80% prepared10 total queries

Output Escaping

78% escaped41 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths
<cubcf7db-display> (admin\partials\cubcf7db-display.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

CUB Form Database Manager Attack Surface

Entry Points4
Unprotected4

AJAX Handlers 4

authwp_ajax_cubcf7db_delete_recordincludes\class-cubcf7db.php:129
noprivwp_ajax_cubcf7db_delete_recordincludes\class-cubcf7db.php:130
authwp_ajax_cubcf7db_cf7form_single_datalistincludes\class-cubcf7db.php:131
noprivwp_ajax_cubcf7db_cf7form_single_datalistincludes\class-cubcf7db.php:132
WordPress Hooks 10
actionupgrader_process_completecubcf7db.php:114
actionadmin_noticescubcf7db.php:129
actionadmin_noticesincludes\class-cubcf7db-activator.php:71
actionplugins_loadedincludes\class-cubcf7db.php:116
actionadmin_menuincludes\class-cubcf7db.php:133
actionwpcf7_before_send_mailincludes\class-cubcf7db.php:134
actionadmin_enqueue_scriptsincludes\class-cubcf7db.php:135
actionadmin_enqueue_scriptsincludes\class-cubcf7db.php:136
actionwp_enqueue_scriptsincludes\class-cubcf7db.php:149
actionwp_enqueue_scriptsincludes\class-cubcf7db.php:150
Maintenance & Trust

CUB Form Database Manager Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJun 1, 2025
PHP min version7.2
Downloads1K

Community Trust

Rating100/100
Number of ratings2
Active installs0
Alternatives

CUB Form Database Manager Alternatives

AC Advanced Flamingo Settings

AC Advanced Flamingo Settings

ac-advanced-flamingo-settings

A
100

AC Advanced Flamingo Settings enhances and extends the functionality of the CF7 Flamingo plugin by adding customization options, import/export tools, &hellip;

500 No CVEs
Contact Form 7 Database Manager Addon – CF7DBM

Contact Form 7 Database Manager Addon – CF7DBM

form-data-manager

A
92

Save contact form 7 submissions to the WP database with this CF7 addon. Never lose important messages, leads, and requests again.

200 No CVEs
BCodeCraft Submissions for Contact Form 7

BCodeCraft Submissions for Contact Form 7

bcodecraft-submissions-cf7

A
100

Secure storage and management of Contact Form 7 submissions with advanced security features. Never lose a lead again!

0 No CVEs
Contact Form Entries Database

Contact Form Entries Database

contact-form-entries-database

A
100

Capture and manage contact form submissions from Contact Form 7, WPForms, and Ninja Forms � store entries in your WordPress database and view them in &hellip;

0 No CVEs
Database Addon for Contact Form 7 – CFDB7

Database Addon for Contact Form 7 – CFDB7

contact-form-cfdb7

A
90

Save and manage Contact Form 7 messages. Never lose important data. It is a lightweight contact form 7 database plugin.

600K 7 CVEs
Developer Profile

CUB Form Database Manager Developer Profile

Vijaysinh Rathod

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect CUB Form Database Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cub-cf7db/admin/css/bootstrap.min.css/wp-content/plugins/cub-cf7db/admin/css/dataTables.bootstrap4.css/wp-content/plugins/cub-cf7db/admin/css/rowReorder.bootstrap4.min.css/wp-content/plugins/cub-cf7db/admin/css/responsive.bootstrap4.min.css/wp-content/plugins/cub-cf7db/admin/css/buttons.bootstrap4.min.css/wp-content/plugins/cub-cf7db/admin/css/select.bootstrap4.min.css/wp-content/plugins/cub-cf7db/admin/css/responsive.dataTables.min.css/wp-content/plugins/cub-cf7db/admin/css/cub-cf7db-admin.css+11 more
Script Paths
/wp-content/plugins/cub-cf7db/admin/js/bootstrap.bundle.min.js/wp-content/plugins/cub-cf7db/admin/js/jquery.dataTables.min.js/wp-content/plugins/cub-cf7db/admin/js/dataTables.bootstrap4.min.js/wp-content/plugins/cub-cf7db/admin/js/dataTables.rowReorder.min.js/wp-content/plugins/cub-cf7db/admin/js/dataTables.responsive.min.js/wp-content/plugins/cub-cf7db/admin/js/dataTables.buttons.min.js+5 more
Version Parameters
cub-cf7db-bootstrap?ver=cub-cf7db-dataTables-bootstrap4?ver=cub-cf7db-rowReorder-bootstrap4-min?ver=cub-cf7db-responsive-bootstrap4-min?ver=cub-cf7db-buttons-bootstrap4-min?ver=cub-cf7db-select-bootstrap4-min?ver=cub-cf7db-responsive-dataTables-min?ver=cub-cf7db-admin?ver=

HTML / DOM Fingerprints

CSS Classes
cub-cf7db-data-tablecubcf7db-wrapper
HTML Comments
<!-- THIS IS THE MAIN WRAPPER FOR THE CUB CF7 DB PLUGIN --><!-- DataTables initialisation --><!-- This script will run on page load to initialise DataTables --><!-- Add custom DataTables initialisation options here -->+4 more
Data Attributes
data-pluginurldata-plugin-namedata-plugin-versiondata-actiondata-form-iddata-nonce
JS Globals
cubcf7db_admin_ajax_urlcubcf7db_settings
REST Endpoints
/wp-json/cubcf7db/v1/submit/wp-json/cubcf7db/v1/get-submissions/wp-json/cubcf7db/v1/delete-submission/wp-json/cubcf7db/v1/get-form-fields
Shortcode Output
<div class="cub-cf7db-wrapper"><table id="cub-cf7db-data-table" class="display responsive nowrap cub-cf7db-data-table" style="width:100%"><thead><tr>
FAQ

Frequently Asked Questions about CUB Form Database Manager