WP-Safety

Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification Security & Risk Analysis

wordpress.org/plugins/double-opt-in

Protect your forms with GDPR-compliant Double Opt-In. Ensure valid emails, prevent fake signups, and stay compliant with Contact Form 7 and Avada.

1K active installs v3.7.2 PHP 8.0+ WP 5.0+ Updated Mar 14, 2026
avadacontact-form-7double-opt-inemail-verificationgdpr
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification Safe to Use in 2026?

Generally Safe

Score 100/100

Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 20d ago
Risk Assessment

The 'double-opt-in' plugin v3.7.2 exhibits a generally good security posture with a few areas that warrant attention. A significant strength is the plugin's adherence to secure coding practices, evidenced by a high percentage of SQL queries using prepared statements and properly escaped output. The absence of any recorded vulnerabilities (CVEs) or critical/high severity taint flows is highly positive, indicating a mature and likely well-tested codebase. However, the presence of four AJAX handlers without authentication checks represents a notable concern. These unprotected entry points could potentially be exploited to perform unintended actions if not properly secured at the application level. The plugin also has a moderately sized attack surface with 12 entry points in total, with a notable portion of these being unprotected.

Key Concerns

  • AJAX handlers without authentication checks
Vulnerabilities
None known

Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification Code Analysis

Dangerous Functions
0
Raw SQL Queries
6
45 prepared
Unescaped Output
44
745 escaped
Nonce Checks
22
Capability Checks
20
File Operations
14
External Requests
1
Bundled Libraries
0

SQL Query Safety

88% prepared51 total queries

Output Escaping

94% escaped789 total outputs
Data Flows
All sanitized

Data Flow Analysis

14 flows
getTemplate (core\Ajax.class.php:51)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification Attack Surface

Entry Points12
Unprotected4

AJAX Handlers 12

authwp_ajax_f12_doi_detailscore\Ajax.class.php:33
authwp_ajax_f12_doi_templateloadercore\Ajax.class.php:34
authwp_ajax_doi_export_consentsrc\Admin\ConsentExportController.php:39
authwp_ajax_doi_get_form_settingssrc\Admin\FormSettingsController.php:71
authwp_ajax_doi_save_form_settingssrc\Admin\FormSettingsController.php:72
authwp_ajax_doi_toggle_formsrc\Admin\FormSettingsController.php:73
authwp_ajax_doi_get_all_formssrc\Admin\FormSettingsController.php:74
authwp_ajax_doi_resend_optin_mailsrc\Admin\ResendController.php:31
authwp_ajax_doi_export_consentsrc\Admin\SingleConsentExportController.php:42
authwp_ajax_f12_doi_templateloadersrc\EmailTemplates\EmailTemplateIntegration.php:53
authwp_ajax_doi_check_submission_errorsrc\Frontend\ErrorNotification.php:53
noprivwp_ajax_doi_check_submission_errorsrc\Frontend\ErrorNotification.php:54
WordPress Hooks 133
actioninitCF7DoubleOptIn.class.php:211
actionafter_setup_themeCF7DoubleOptIn.class.php:238
actionplugins_loadedCF7DoubleOptIn.class.php:458
actionadmin_initcompatibility\avada\AvadaFormOptions.class.php:33
actionadmin_enqueue_scriptscompatibility\avada\AvadaFormOptions.class.php:38
actionsave_postcompatibility\avada\AvadaFormOptions.class.php:43
filterawb_po_get_valuecompatibility\avada\AvadaFormOptions.class.php:48
filteravada_metabox_tabscompatibility\avada\AvadaFormOptions.class.php:153
filterf12_cf7_doubleoptin_avada_form_panelcompatibility\avada\AvadaFormOptions.class.php:158
actionwpcf7_save_contact_formcompatibility\avada\AvadaFormOptions.class.php:163
actionadmin_footercompatibility\avada\AvadaFormOptions.class.php:314
filterfusion_form_send_mail_argscompatibility\avada\AvadaFrontend.class.php:36
actionadmin_initcompatibility\cf7\Backend.class.php:24
actionadmin_enqueue_scriptscompatibility\cf7\Backend.class.php:25
filterf12_cf7_doubleoptin_get_parametercompatibility\cf7\Backend.class.php:26
filterwpcf7_editor_panelscompatibility\cf7\Backend.class.php:76
actionwpcf7_save_contact_formcompatibility\cf7\Backend.class.php:77
actionadmin_initcompatibility\cf7\CF7Backend.class.php:39
actionadmin_enqueue_scriptscompatibility\cf7\CF7Backend.class.php:44
filterwpcf7_editor_panelscompatibility\cf7\CF7Backend.class.php:121
actionwpcf7_save_contact_formcompatibility\cf7\CF7Backend.class.php:126
filterf12_cf7_doubleoptin_add_request_parametercompatibility\cf7\CF7ConditionalFields.class.php:41
filterf12_cf7_doubleoptin_bodycompatibility\cf7\CF7ConditionalFields.class.php:51
actionwpcf7_before_send_mailcompatibility\cf7\CF7Frontend.class.php:36
actionwpcf7_before_send_mailcompatibility\cf7\CF7Frontend.class.php:173
filterwpcf7_validatecompatibility\cf7\CF7Frontend.class.php:184
filterwpcf7_spamcompatibility\cf7\CF7Frontend.class.php:185
filterwpcf7_skip_spam_checkcompatibility\cf7\CF7Frontend.class.php:186
filterwpcf7_skip_mailcompatibility\cf7\CF7Frontend.class.php:310
filterf12_cf7_doubleoptin_add_request_parametercompatibility\cf7\ConditionalFields.class.php:31
filterf12_cf7_doubleoptin_bodycompatibility\cf7\ConditionalFields.class.php:32
actioninitcompatibility\cf7\Frontend.class.php:23
actionwpcf7_before_send_mailcompatibility\cf7\Frontend.class.php:24
actionshutdowncompatibility\cf7\Frontend.class.php:25
filterwpcf7_spamcompatibility\cf7\Frontend.class.php:100
filterwpcf7_spamcompatibility\cf7\Frontend.class.php:105
filterwpcf7_spamcompatibility\cf7\Frontend.class.php:106
actionwpcf7_mail_sentcompatibility\cf7\Frontend.class.php:107
filterwpcf7_skip_mailcompatibility\cf7\Frontend.class.php:287
actionadmin_enqueue_scriptscompatibility\cf7\WordPress_AdminTables_Columns_CF7.class.php:21
filtermanage_toplevel_page_wpcf7_columnscompatibility\cf7\WordPress_AdminTables_Columns_CF7.class.php:23
filterwpcf7_custom_defaultcompatibility\cf7\WordPress_AdminTables_Columns_CF7.class.php:24
actionf12_cf7_doubleoptin_before_send_default_mailcompatibility\OptInFrontend.class.php:109
actionf12_cf7_doubleoptin_after_send_default_mailcompatibility\OptInFrontend.class.php:114
actionf12_cf7_doubleoptin_trigger_default_mailcompatibility\OptInFrontend.class.php:119
actionshutdowncompatibility\OptInFrontend.class.php:124
actioninitcompatibility\OptInFrontend.class.php:129
actionwp_footercompatibility\OptInFrontend.class.php:134
actionf12_cf7_doubleoptin_validation_feedbackcompatibility\OptInFrontend.class.php:137
filterf12_cf7_captcha_is_installed_cf7compatibility\OptInFrontend.class.php:230
filterwpcf7_spamcompatibility\OptInFrontend.class.php:286
filterwpcf7_spamcompatibility\OptInFrontend.class.php:294
filterwpcf7_spamcompatibility\OptInFrontend.class.php:295
actionwpcf7_mail_sentcompatibility\OptInFrontend.class.php:296
filterwpcf7_validatecompatibility\OptInFrontend.class.php:346
actionadmin_noticescore\avada-deprecation-notice.php:12
actionadmin_initcore\avada-deprecation-notice.php:13
actionf12_cf7_doubleoptin_ui_table_optionscore\CategoryOptions.class.php:43
actionadmin_initcore\CategoryOptions.class.php:50
actiondailyOptinClearcore\CleanUp.class.php:42
actionafter_setup_themecore\Compatibility.class.php:39
actionf12_cf7_doubleoptin_ui_after_load_compatibilitiescore\Compatibility.class.php:44
actionf12_cf7_doubleoptin_ui_table_filtercore\OptInLimitFilter.class.php:36
actionf12_cf7_doubleoptin_ui_table_filtercore\OptInSearchFilter.class.php:36
filterf12_cf7_doubleoptin_pagination_linkcore\Pagination.class.php:36
actionadmin_noticescore\review.php:12
actionadmin_initcore\review.php:13
actionwp_footercore\Support.class.php:33
actionf12_cf7_doubleoptin_daily_telemetrycore\telemetry.php:174
filterpre_wp_mailcore\TestEmailBlocker.class.php:47
actionadmin_enqueue_scriptscore\UI.class.php:77
actionf12_cf7_doubleoptin_ui_after_load_pagescore\UI.class.php:81
actionf12_cf7_doubleoptin_ui_after_load_pagescore\UI.class.php:85
actioninitcore\UI.class.php:88
actionadmin_menucore\UI.class.php:94
actionadmin_headcore\UI.class.php:98
actionf12_cf7_doubleoptin_admin_menucore\UIMenu.class.php:29
filterf12_cf7_doubleoptin_settingscore\UIPage.class.php:69
actionwp_initialize_siteOnActivation.php:145
actionf12_cf7_doubleoptin_ui_view_optin_optionssrc\Admin\ResendController.php:32
actionf12_cf7_doubleoptin_sentsrc\Bridge\WordPressHookBridge.php:75
actionf12_cf7_doubleoptin_before_confirmsrc\Bridge\WordPressHookBridge.php:85
actionf12_cf7_doubleoptin_after_confirmsrc\Bridge\WordPressHookBridge.php:93
filterf12_cf7_doubleoptin_template_bodysrc\EmailTemplates\EmailTemplateIntegration.php:56
actionf12_cf7_doubleoptin_admin_panel_templatessrc\EmailTemplates\EmailTemplateIntegration.php:59
actionadmin_footersrc\EmailTemplates\EmailTemplateIntegration.php:228
actioninitsrc\EmailTemplates\EmailTemplatePostType.php:48
actioninitsrc\EmailTemplates\EmailTemplatePostType.php:49
actionrest_api_initsrc\EmailTemplates\EmailTemplateRestController.php:71
actionwp_enqueue_scriptssrc\Frontend\ErrorNotification.php:55
filterwpcf7_validatesrc\Integration\AbstractFormIntegration.php:704
filterwpcf7_spamsrc\Integration\AbstractFormIntegration.php:705
filterwpcf7_skip_spam_checksrc\Integration\AbstractFormIntegration.php:706
filterf12_cf7_captcha_is_installed_cf7src\Integration\AbstractFormIntegration.php:709
filterwpcf7_spamsrc\Integration\AbstractFormIntegration.php:746
filterwpcf7_spamsrc\Integration\AbstractFormIntegration.php:751
filterwpcf7_spamsrc\Integration\AbstractFormIntegration.php:752
actionwpcf7_mail_sentsrc\Integration\AbstractFormIntegration.php:753
filterwpcf7_validatesrc\Integration\AbstractFormIntegration.php:803
filterfusion_form_send_mail_argssrc\Integration\AvadaIntegration.php:123
actioninitsrc\Integration\AvadaIntegration.php:127
filterf12_cf7_doubleoptin_get_recipient_avadasrc\Integration\AvadaIntegration.php:130
actionf12_cf7_doubleoptin_trigger_default_mailsrc\Integration\AvadaIntegration.php:133
actionshutdownsrc\Integration\AvadaIntegration.php:136
actionadmin_initsrc\Integration\AvadaIntegration.php:150
actionadmin_enqueue_scriptssrc\Integration\AvadaIntegration.php:151
actionsave_postsrc\Integration\AvadaIntegration.php:152
filterawb_po_get_valuesrc\Integration\AvadaIntegration.php:153
filteravada_metabox_tabssrc\Integration\AvadaIntegration.php:162
filterf12_cf7_doubleoptin_avada_form_panelsrc\Integration\AvadaIntegration.php:163
actionwpcf7_before_send_mailsrc\Integration\CF7Integration.php:79
actioninitsrc\Integration\CF7Integration.php:80
actionshutdownsrc\Integration\CF7Integration.php:81
filterf12_cf7_doubleoptin_get_recipient_cf7src\Integration\CF7Integration.php:84
actionf12_cf7_doubleoptin_before_send_default_mailsrc\Integration\CF7Integration.php:87
actionf12_cf7_doubleoptin_after_send_default_mailsrc\Integration\CF7Integration.php:88
actionf12_cf7_doubleoptin_trigger_default_mailsrc\Integration\CF7Integration.php:89
actionadmin_initsrc\Integration\CF7Integration.php:103
actionadmin_enqueue_scriptssrc\Integration\CF7Integration.php:104
filterwpcf7_editor_panelssrc\Integration\CF7Integration.php:113
actionwpcf7_save_contact_formsrc\Integration\CF7Integration.php:114
filterwpcf7_skip_mailsrc\Integration\CF7Integration.php:257
filterwpcf7_skip_mailsrc\Integration\CF7Integration.php:274
actionwpcf7_before_send_mailsrc\Integration\CF7Integration.php:356
actioninitsrc\Providers\IntegrationServiceProvider.php:109
filterwp_privacy_personal_data_exporterssrc\Service\PrivacyIntegration.php:42
filterwp_privacy_personal_data_eraserssrc\Service\PrivacyIntegration.php:43
actionadmin_initui\UICategoriesView.class.php:28
actionadmin_enqueue_scriptsui\UIDashboard.class.php:38
filterf12_cf7_doubleoptin_show_settings_updated_messageui\UIDatabase.class.php:38
actionadmin_enqueue_scriptsui\UIEmailTemplateEditor.class.php:47
actionadmin_enqueue_scriptsui\UIEmailTemplates.class.php:45
actionadmin_enqueue_scriptsui\UIForms.class.php:52

Scheduled Events 2

f12_cf7_doubleoptin_daily_telemetry
dailyOptinClear
Maintenance & Trust

Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 14, 2026
PHP min version8.0
Downloads16K

Community Trust

Rating100/100
Number of ratings8
Active installs1K
Alternatives

Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification Alternatives

Image CAPTCHA for Contact Form 7 and WPForms by HookAndHook (DSGVO/GDPR)

Image CAPTCHA for Contact Form 7 and WPForms by HookAndHook (DSGVO/GDPR)

contact-form-7-image-captcha

A
100

Adds an Image CAPTCHA to Contact Form 7 and WPForms, GDPR ready, perfect WPForms or Contact Form 7 Spam Protection Image CAPTCHA, adds a honeypot

80K No CVEs
Inazo's flamingo automatically delete old messages

Inazo's flamingo automatically delete old messages

inazo-flamingo-automatically-delete-old-messages

A
92

This plugin help you to auto removed all information stored by flamingo.

4K No CVEs
OTP by Email for Contact Form 7

OTP by Email for Contact Form 7

otp-by-email

A
85

A small Contact Form 7 extension plugin to enable email confirmation by unique links sent to the email inbox.

80 No CVEs
Authyo OTP for Contact Form 7

Authyo OTP for Contact Form 7

authyo-otp-for-contact-form-7

A
100

Adds OTP verification (Email, SMS, WhatsApp, Voice Call) and Google Sheets Integration (with Multi-Sheet support) to Contact Form 7.

10 No CVEs
Valid Email Verification for Contact Form 7

Valid Email Verification for Contact Form 7

valid-email-verification-cf7

A
100

Adds duplicate email blocking and verification to Contact Form 7 to improve form security and reduce spam.

10 No CVEs
Developer Profile

Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification Developer Profile

Forge12 Interactive GmbH

6 plugins · 12K total installs

87
trust score
Avg Security Score
99/100
Avg Patch Time
76 days
View full developer profile
Detection Fingerprints

How We Detect Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/double-opt-in/core/css/f12-optin.css/wp-content/plugins/double-opt-in/core/js/f12-optin.js
Script Paths
/wp-content/plugins/double-opt-in/core/js/f12-optin.js
Version Parameters
double-opt-in/core/css/f12-optin.css?ver=double-opt-in/core/js/f12-optin.js?ver=

HTML / DOM Fingerprints

CSS Classes
f12-optin-form-wrapper
HTML Comments
Forge12 Double Opt-In - v3.7.2
Data Attributes
data-f12-optin-recipient-fielddata-f12-optin-confirmation-page
JS Globals
forge12OptIn
REST Endpoints
/wp-json/f12-cf7-doubleoptin/v1/resend
FAQ

Frequently Asked Questions about Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification