Does Data Soap Validation have any unpatched vulnerabilities?

No. All known vulnerabilities in Data Soap Validation have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Data Soap Validation compatible with WordPress 6.7.5?

According to WordPress.org data, Data Soap Validation 1.0.7 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

How often is Data Soap Validation updated?

Data Soap Validation was last updated on Unknown. Frequent updates are generally a positive security signal.

What is Data Soap Validation's security score?

Data Soap Validation has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Data Soap Validation Security & Risk Analysis

wordpress.org/plugins/data-soap-validation

Applies Data Soap telephone and email validation services to Contact Form 7, Elementor Pro, Gravity Forms, Woocommerce & WPForms Requires PHP

50 active installs v1.0.7 PHP + WP 4.5+ Updated Unknown

elementorgravitygravity-formsgravityformswoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Data Soap Validation Safe to Use in 2026?

Generally Safe

Score 100/100

Data Soap Validation has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The "data-soap-validation" plugin, version 1.0.7, exhibits a generally strong security posture based on the provided static analysis. The absence of direct entry points like AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface. Furthermore, the code demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping all outputs. There are no known vulnerabilities or CVEs associated with this plugin, indicating a history of stable and secure development.

However, a notable concern is the presence of an external HTTP request without further context on its destination or validation. While the taint analysis shows no critical or high-severity unsanitized paths, the two flows with unsanitized paths warrant attention, even if they did not escalate to a critical or high severity. The lack of nonce checks and capability checks on potential, albeit currently non-existent, entry points is a weakness that could become a significant risk if new entry points are introduced in future versions without proper security controls.

In conclusion, the plugin is currently well-protected and has a clean vulnerability history. The primary areas for improvement lie in understanding and securing the external HTTP request and ensuring future development adheres to robust authentication and authorization checks for any newly introduced entry points. The current absence of such checks, while not an immediate exploit, represents a potential future risk.

Key Concerns

External HTTP request without auth/validation context
Flows with unsanitized paths (even if not critical)
No nonce checks present
No capability checks present

Vulnerabilities

None known

Data Soap Validation Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Data Soap Validation Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

14 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped14 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

dsv_password_changing (plugin_interface.php:64)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Data Soap Validation Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 17

filterwpcf7_validate_telincludes\dsvcf7-validation.php:4

filterwpcf7_validate_tel*includes\dsvcf7-validation.php:5

filterwpcf7_validate_intl_telincludes\dsvcf7-validation.php:6

filterwpcf7_validate_intl_tel*includes\dsvcf7-validation.php:7

filterwpcf7_validate_emailincludes\dsvcf7-validation.php:76

filterwpcf7_validate_email*includes\dsvcf7-validation.php:77

actionelementor_pro/forms/validation/telincludes\dsvep-validation.php:3

actionelementor_pro/forms/validationincludes\dsvep-validation.php:65

filtergform_field_validationincludes\dsvgf-validation.php:4

filtergform_field_validationincludes\dsvgf-validation.php:65

actionwoocommerce_checkout_processincludes\dsvwc-validation.php:3

actionwpforms_process_validate_phoneincludes\dsvwpf-validation.php:4

actionwpforms_processincludes\dsvwpf-validation.php:68

actionadmin_menuplugin_interface.php:3

actionadmin_initplugin_interface.php:4

actionadmin_noticesplugin_interface.php:5

filterpre_update_option_dsv_passwordplugin_interface.php:80

Maintenance & Trust

Data Soap Validation Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedUnknown

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs50

Alternatives

Data Soap Validation Alternatives

Data8 Validation

data8-validation-for-contact-form-7

100

Applies Data8 Email, Unusable Name, Phone Validation and PredictiveAddress services to WooCommerce checkout, Gravity Forms and Contact Form 7, WPForms …

200 No CVEs