WP-Safety

Database Entries Manager for Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/database-entries-manager-for-contact-form-7

Store all your Contact Form 7 entries and manage their status in your Wordpress Dashboard. Keep track of all the support or contact requests from your …

0 active installs v1.0.184 PHP + WP 4.0+ Updated May 20, 2020
cf7-databasecf7-entriescf7-submissionscontact-form-7-databasecontact-form-7-manager
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Database Entries Manager for Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 85/100

Database Entries Manager for Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The plugin 'database-entries-manager-for-contact-form-7' v1.0.184 exhibits a generally strong security posture based on the provided static analysis. All identified AJAX entry points have nonce checks, and the plugin avoids dangerous functions, file operations, and external HTTP requests. Furthermore, all SQL queries utilize prepared statements, which significantly mitigates the risk of SQL injection vulnerabilities. The absence of any recorded CVEs also suggests a history of responsible security practices or a lack of significant past vulnerabilities. However, a notable area of concern is the 43% of output escaping, which indicates that a substantial portion of output is not being properly sanitized, potentially exposing the plugin to Cross-Site Scripting (XSS) vulnerabilities. Additionally, the lack of capability checks on its AJAX handlers, while protected by nonces, still presents a potential avenue for privilege escalation if an attacker can bypass or trick the nonce validation. While the immediate threat from the static analysis and vulnerability history appears low, the unescaped output is the primary actionable risk requiring attention. The plugin's strengths lie in its secure handling of SQL and its avoidance of other common risky practices.

Key Concerns

  • Insufficient output escaping detected
  • No capability checks on AJAX handlers
Vulnerabilities
None known

Database Entries Manager for Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Database Entries Manager for Contact Form 7 Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
20 prepared
Unescaped Output
13
10 escaped
Nonce Checks
6
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared20 total queries

Output Escaping

43% escaped23 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
wicocf7db_functions_ajax_cf7_records_list (functions\ajax\ajax_cf7_records.php:13)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Database Entries Manager for Contact Form 7 Attack Surface

Entry Points6
Unprotected0

AJAX Handlers 6

authwp_ajax_wicocf7db_functions_ajax_cf7_records_listfunctions\ajax\ajax_cf7_records.php:7
authwp_ajax_wicocf7db_functions_ajax_cf7_get_submission_data_by_idfunctions\ajax\ajax_cf7_records.php:8
authwp_ajax_wicocf7db_functions_ajax_cf7_save_submission_statusfunctions\ajax\ajax_cf7_records.php:9
authwp_ajax_wicocf7db_wicore_components_events_ajax_listitemswicore\components\events\ajax.php:7
authwp_ajax_wicocf7db_wicore_components_events_ajax_insertwicore\components\events\ajax.php:8
authwp_ajax_wicocf7db_wicore_components_simpledictionary_ajax_listitemswicore\components\simple_dictionary\ajax.php:7
WordPress Hooks 5
actionwpcf7_before_send_mailfunctions\startup.php:19
actionplugins_loadedwicocf7db.php:26
actionplugins_loadedwicocf7db.php:27
actioninitwicocf7db.php:38
actionadmin_menuwicore\business.php:588
Maintenance & Trust

Database Entries Manager for Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested5.4.19
Last updatedMay 20, 2020
PHP min version
Downloads963

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Database Entries Manager for Contact Form 7 Alternatives

Database Addon for Contact Form 7 – CFDB7

Database Addon for Contact Form 7 – CFDB7

contact-form-cfdb7

A
90

Save and manage Contact Form 7 messages. Never lose important data. It is a lightweight contact form 7 database plugin.

600K 7 CVEs
CF7 Apps – Honeypot, Database, Redirection, Webhook, and Addons for Contact Form 7

CF7 Apps – Honeypot, Database, Redirection, Webhook, and Addons for Contact Form 7

contact-form-7-honeypot

A
100

Addons for Contact Form 7 — Honeypot, Database Entries, Redirection, Spam Protection, Webhooks, ACF integration for Contact Form 7, and more.

300K No CVEs
Database for Contact Form 7, WPforms, Elementor forms

Database for Contact Form 7, WPforms, Elementor forms

contact-form-entries

B
76

Saves Contact Form 7, WPforms,Elementor Forms, CRM Perks Forms and many other contact form submissions to database.

70K 13 CVEs
Database for CF7

Database for CF7

database-for-cf7

A
92

Save CF7 submitted form informations into your WordPress database.

2K 1 CVE
WPSyncSheets For Contact Form 7 – CF7 Google Sheets Connector & Save to Database

WPSyncSheets For Contact Form 7 – CF7 Google Sheets Connector & Save to Database

contactsheets-lite

A
100

Connect Contact Form 7 submissions to Google Sheets to sync your form entries and save all cf7 forms submitted data to the database.

400 No CVEs
Developer Profile

Database Entries Manager for Contact Form 7 Developer Profile

wisercoding

1 plugin · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Database Entries Manager for Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/database-entries-manager-for-contact-form-7/wicore/clientresources/reset.css/wp-content/plugins/database-entries-manager-for-contact-form-7/wicore/clientresources/bootstrap.css/wp-content/plugins/database-entries-manager-for-contact-form-7/wicore/clientresources/datatable.css/wp-content/plugins/database-entries-manager-for-contact-form-7/wicore/clientresources/fontawesome.min.css/wp-content/plugins/database-entries-manager-for-contact-form-7/wicore/clientresources/fontawesome.solid.min.css/wp-content/plugins/database-entries-manager-for-contact-form-7/wicore/clientresources/fontawesome.regular.min.css/wp-content/plugins/database-entries-manager-for-contact-form-7/wicore/clientresources/wico-plugin.css/wp-content/plugins/database-entries-manager-for-contact-form-7/client/css/plugin.css+10 more
Script Paths
https://fonts.googleapis.com/css2?family=Roboto&display=swaphttps://cdn.materialdesignicons.com/3.2.89/css/materialdesignicons.min.css
Version Parameters
wicocf7db-css-font?ver=1.0.184wicocf7db-css-icons?ver=1.0.184wicocf7db-css-reset?ver=1.0.184wicocf7db-css-bootstrap?ver=1.0.184wicocf7db-css-datatable?ver=1.0.184wicocf7db-css-fontawesome?ver=1.0.184wicocf7db-css-fontawesome-solid?ver=1.0.184wicocf7db-css-fontawesome-regular?ver=1.0.184xxx_plugin_domain_keyxxx-css-wico-plugin?ver=1.0.184xxx_plugin_domain_keyxxx-css-wico-plugin-specific?ver=1.0.184xxx_plugin_domain_keyxxx-bootstrap-js?ver=1.0.184xxx_plugin_domain_keyxxx-datatable-js?ver=1.0.184xxx_plugin_domain_keyxxx-blockui-js?ver=1.0.184xxx_plugin_domain_keyxxx-wico-plugin-js?ver=1.0.184wicocf7db-wico-pages-dashboard?ver=1.0.184wicocf7db-wico-pages-settings?ver=1.0.184wicocf7db-wico-pages-entries?ver=1.0.184wicocf7db-wico-pages-analysis?ver=1.0.184wicocf7db-wico-simpledictionary-js?ver=1.0.184wicocf7db-wico-events-js?ver=1.0.184

HTML / DOM Fingerprints

CSS Classes
wico-blockuifa-spinnerfa-spin
Data Attributes
data-bs-toggledata-bs-target
JS Globals
wicocf7dbGlobalPageswicocf7db_vars
FAQ

Frequently Asked Questions about Database Entries Manager for Contact Form 7