WP-Safety

Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification Security & Risk Analysis

wordpress.org/plugins/double-opt-in

Protect your forms with GDPR-compliant Double Opt-In. Ensure valid emails, prevent fake signups, and stay compliant with Contact Form 7 and Avada.

1K active installs v3.7.2 PHP 8.0+ WP 5.0+ Updated Mar 14, 2026
avadacontact-form-7double-opt-inemail-verificationgdpr
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification Safe to Use in 2026?

Generally Safe

Score 100/100

Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The 'double-opt-in' plugin v3.7.2 exhibits a generally good security posture with a few areas that warrant attention. A significant strength is the plugin's adherence to secure coding practices, evidenced by a high percentage of SQL queries using prepared statements and properly escaped output. The absence of any recorded vulnerabilities (CVEs) or critical/high severity taint flows is highly positive, indicating a mature and likely well-tested codebase. However, the presence of four AJAX handlers without authentication checks represents a notable concern. These unprotected entry points could potentially be exploited to perform unintended actions if not properly secured at the application level. The plugin also has a moderately sized attack surface with 12 entry points in total, with a notable portion of these being unprotected.

Key Concerns

  • AJAX handlers without authentication checks
Vulnerabilities
None known

Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification Release Timeline

v3.7.1
v3.7.0
v3.6.0
v3.5.0
v3.4.0
v3.2.1
v3.1.2
v3.1.0
v3.0.72
v3.0.71
v3.0.70
v3.0.62
v3.0.61
v3.0.60
v3.0.51
v3.0.5
v3.0.3
v3.0.2
v3.0.1
v3.0.0
Code Analysis
Analyzed Mar 16, 2026

Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification Code Analysis

Dangerous Functions
0
Raw SQL Queries
6
45 prepared
Unescaped Output
44
745 escaped
Nonce Checks
22
Capability Checks
20
File Operations
14
External Requests
1
Bundled Libraries
0

SQL Query Safety

88% prepared51 total queries

Output Escaping

94% escaped789 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

14 flows
getTemplate (core\Ajax.class.php:51)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification Attack Surface

Entry Points12
Unprotected4

AJAX Handlers 12

authwp_ajax_f12_doi_detailscore\Ajax.class.php:33
authwp_ajax_f12_doi_templateloadercore\Ajax.class.php:34
authwp_ajax_doi_export_consentsrc\Admin\ConsentExportController.php:39
authwp_ajax_doi_get_form_settingssrc\Admin\FormSettingsController.php:71
authwp_ajax_doi_save_form_settingssrc\Admin\FormSettingsController.php:72
authwp_ajax_doi_toggle_formsrc\Admin\FormSettingsController.php:73
authwp_ajax_doi_get_all_formssrc\Admin\FormSettingsController.php:74
authwp_ajax_doi_resend_optin_mailsrc\Admin\ResendController.php:31
authwp_ajax_doi_export_consentsrc\Admin\SingleConsentExportController.php:42
authwp_ajax_f12_doi_templateloadersrc\EmailTemplates\EmailTemplateIntegration.php:53
authwp_ajax_doi_check_submission_errorsrc\Frontend\ErrorNotification.php:53
noprivwp_ajax_doi_check_submission_errorsrc\Frontend\ErrorNotification.php:54
WordPress Hooks 133
actioninitCF7DoubleOptIn.class.php:211
actionafter_setup_themeCF7DoubleOptIn.class.php:238
actionplugins_loadedCF7DoubleOptIn.class.php:458
actionadmin_initcompatibility\avada\AvadaFormOptions.class.php:33
actionadmin_enqueue_scriptscompatibility\avada\AvadaFormOptions.class.php:38
actionsave_postcompatibility\avada\AvadaFormOptions.class.php:43
filterawb_po_get_valuecompatibility\avada\AvadaFormOptions.class.php:48
filteravada_metabox_tabscompatibility\avada\AvadaFormOptions.class.php:153
filterf12_cf7_doubleoptin_avada_form_panelcompatibility\avada\AvadaFormOptions.class.php:158
actionwpcf7_save_contact_formcompatibility\avada\AvadaFormOptions.class.php:163
actionadmin_footercompatibility\avada\AvadaFormOptions.class.php:314
filterfusion_form_send_mail_argscompatibility\avada\AvadaFrontend.class.php:36
actionadmin_initcompatibility\cf7\Backend.class.php:24
actionadmin_enqueue_scriptscompatibility\cf7\Backend.class.php:25
filterf12_cf7_doubleoptin_get_parametercompatibility\cf7\Backend.class.php:26
filterwpcf7_editor_panelscompatibility\cf7\Backend.class.php:76
actionwpcf7_save_contact_formcompatibility\cf7\Backend.class.php:77
actionadmin_initcompatibility\cf7\CF7Backend.class.php:39
actionadmin_enqueue_scriptscompatibility\cf7\CF7Backend.class.php:44
filterwpcf7_editor_panelscompatibility\cf7\CF7Backend.class.php:121
actionwpcf7_save_contact_formcompatibility\cf7\CF7Backend.class.php:126
filterf12_cf7_doubleoptin_add_request_parametercompatibility\cf7\CF7ConditionalFields.class.php:41
filterf12_cf7_doubleoptin_bodycompatibility\cf7\CF7ConditionalFields.class.php:51
actionwpcf7_before_send_mailcompatibility\cf7\CF7Frontend.class.php:36
actionwpcf7_before_send_mailcompatibility\cf7\CF7Frontend.class.php:173
filterwpcf7_validatecompatibility\cf7\CF7Frontend.class.php:184
filterwpcf7_spamcompatibility\cf7\CF7Frontend.class.php:185
filterwpcf7_skip_spam_checkcompatibility\cf7\CF7Frontend.class.php:186
filterwpcf7_skip_mailcompatibility\cf7\CF7Frontend.class.php:310
filterf12_cf7_doubleoptin_add_request_parametercompatibility\cf7\ConditionalFields.class.php:31
filterf12_cf7_doubleoptin_bodycompatibility\cf7\ConditionalFields.class.php:32
actioninitcompatibility\cf7\Frontend.class.php:23
actionwpcf7_before_send_mailcompatibility\cf7\Frontend.class.php:24
actionshutdowncompatibility\cf7\Frontend.class.php:25
filterwpcf7_spamcompatibility\cf7\Frontend.class.php:100
filterwpcf7_spamcompatibility\cf7\Frontend.class.php:105
filterwpcf7_spamcompatibility\cf7\Frontend.class.php:106
actionwpcf7_mail_sentcompatibility\cf7\Frontend.class.php:107
filterwpcf7_skip_mailcompatibility\cf7\Frontend.class.php:287
actionadmin_enqueue_scriptscompatibility\cf7\WordPress_AdminTables_Columns_CF7.class.php:21
filtermanage_toplevel_page_wpcf7_columnscompatibility\cf7\WordPress_AdminTables_Columns_CF7.class.php:23
filterwpcf7_custom_defaultcompatibility\cf7\WordPress_AdminTables_Columns_CF7.class.php:24
actionf12_cf7_doubleoptin_before_send_default_mailcompatibility\OptInFrontend.class.php:109
actionf12_cf7_doubleoptin_after_send_default_mailcompatibility\OptInFrontend.class.php:114
actionf12_cf7_doubleoptin_trigger_default_mailcompatibility\OptInFrontend.class.php:119
actionshutdowncompatibility\OptInFrontend.class.php:124
actioninitcompatibility\OptInFrontend.class.php:129
actionwp_footercompatibility\OptInFrontend.class.php:134
actionf12_cf7_doubleoptin_validation_feedbackcompatibility\OptInFrontend.class.php:137
filterf12_cf7_captcha_is_installed_cf7compatibility\OptInFrontend.class.php:230
filterwpcf7_spamcompatibility\OptInFrontend.class.php:286
filterwpcf7_spamcompatibility\OptInFrontend.class.php:294
filterwpcf7_spamcompatibility\OptInFrontend.class.php:295
actionwpcf7_mail_sentcompatibility\OptInFrontend.class.php:296
filterwpcf7_validatecompatibility\OptInFrontend.class.php:346
actionadmin_noticescore\avada-deprecation-notice.php:12
actionadmin_initcore\avada-deprecation-notice.php:13
actionf12_cf7_doubleoptin_ui_table_optionscore\CategoryOptions.class.php:43
actionadmin_initcore\CategoryOptions.class.php:50
actiondailyOptinClearcore\CleanUp.class.php:42
actionafter_setup_themecore\Compatibility.class.php:39
actionf12_cf7_doubleoptin_ui_after_load_compatibilitiescore\Compatibility.class.php:44
actionf12_cf7_doubleoptin_ui_table_filtercore\OptInLimitFilter.class.php:36
actionf12_cf7_doubleoptin_ui_table_filtercore\OptInSearchFilter.class.php:36
filterf12_cf7_doubleoptin_pagination_linkcore\Pagination.class.php:36
actionadmin_noticescore\review.php:12
actionadmin_initcore\review.php:13
actionwp_footercore\Support.class.php:33
actionf12_cf7_doubleoptin_daily_telemetrycore\telemetry.php:174
filterpre_wp_mailcore\TestEmailBlocker.class.php:47
actionadmin_enqueue_scriptscore\UI.class.php:77
actionf12_cf7_doubleoptin_ui_after_load_pagescore\UI.class.php:81
actionf12_cf7_doubleoptin_ui_after_load_pagescore\UI.class.php:85
actioninitcore\UI.class.php:88
actionadmin_menucore\UI.class.php:94
actionadmin_headcore\UI.class.php:98
actionf12_cf7_doubleoptin_admin_menucore\UIMenu.class.php:29
filterf12_cf7_doubleoptin_settingscore\UIPage.class.php:69
actionwp_initialize_siteOnActivation.php:145
actionf12_cf7_doubleoptin_ui_view_optin_optionssrc\Admin\ResendController.php:32
actionf12_cf7_doubleoptin_sentsrc\Bridge\WordPressHookBridge.php:75
actionf12_cf7_doubleoptin_before_confirmsrc\Bridge\WordPressHookBridge.php:85
actionf12_cf7_doubleoptin_after_confirmsrc\Bridge\WordPressHookBridge.php:93
filterf12_cf7_doubleoptin_template_bodysrc\EmailTemplates\EmailTemplateIntegration.php:56
actionf12_cf7_doubleoptin_admin_panel_templatessrc\EmailTemplates\EmailTemplateIntegration.php:59
actionadmin_footersrc\EmailTemplates\EmailTemplateIntegration.php:228
actioninitsrc\EmailTemplates\EmailTemplatePostType.php:48
actioninitsrc\EmailTemplates\EmailTemplatePostType.php:49
actionrest_api_initsrc\EmailTemplates\EmailTemplateRestController.php:71
actionwp_enqueue_scriptssrc\Frontend\ErrorNotification.php:55
filterwpcf7_validatesrc\Integration\AbstractFormIntegration.php:704
filterwpcf7_spamsrc\Integration\AbstractFormIntegration.php:705
filterwpcf7_skip_spam_checksrc\Integration\AbstractFormIntegration.php:706
filterf12_cf7_captcha_is_installed_cf7src\Integration\AbstractFormIntegration.php:709
filterwpcf7_spamsrc\Integration\AbstractFormIntegration.php:746
filterwpcf7_spamsrc\Integration\AbstractFormIntegration.php:751
filterwpcf7_spamsrc\Integration\AbstractFormIntegration.php:752
actionwpcf7_mail_sentsrc\Integration\AbstractFormIntegration.php:753
filterwpcf7_validatesrc\Integration\AbstractFormIntegration.php:803
filterfusion_form_send_mail_argssrc\Integration\AvadaIntegration.php:123
actioninitsrc\Integration\AvadaIntegration.php:127
filterf12_cf7_doubleoptin_get_recipient_avadasrc\Integration\AvadaIntegration.php:130
actionf12_cf7_doubleoptin_trigger_default_mailsrc\Integration\AvadaIntegration.php:133
actionshutdownsrc\Integration\AvadaIntegration.php:136
actionadmin_initsrc\Integration\AvadaIntegration.php:150
actionadmin_enqueue_scriptssrc\Integration\AvadaIntegration.php:151
actionsave_postsrc\Integration\AvadaIntegration.php:152
filterawb_po_get_valuesrc\Integration\AvadaIntegration.php:153
filteravada_metabox_tabssrc\Integration\AvadaIntegration.php:162
filterf12_cf7_doubleoptin_avada_form_panelsrc\Integration\AvadaIntegration.php:163
actionwpcf7_before_send_mailsrc\Integration\CF7Integration.php:79
actioninitsrc\Integration\CF7Integration.php:80
actionshutdownsrc\Integration\CF7Integration.php:81
filterf12_cf7_doubleoptin_get_recipient_cf7src\Integration\CF7Integration.php:84
actionf12_cf7_doubleoptin_before_send_default_mailsrc\Integration\CF7Integration.php:87
actionf12_cf7_doubleoptin_after_send_default_mailsrc\Integration\CF7Integration.php:88
actionf12_cf7_doubleoptin_trigger_default_mailsrc\Integration\CF7Integration.php:89
actionadmin_initsrc\Integration\CF7Integration.php:103
actionadmin_enqueue_scriptssrc\Integration\CF7Integration.php:104
filterwpcf7_editor_panelssrc\Integration\CF7Integration.php:113
actionwpcf7_save_contact_formsrc\Integration\CF7Integration.php:114
filterwpcf7_skip_mailsrc\Integration\CF7Integration.php:257
filterwpcf7_skip_mailsrc\Integration\CF7Integration.php:274
actionwpcf7_before_send_mailsrc\Integration\CF7Integration.php:356
actioninitsrc\Providers\IntegrationServiceProvider.php:109
filterwp_privacy_personal_data_exporterssrc\Service\PrivacyIntegration.php:42
filterwp_privacy_personal_data_eraserssrc\Service\PrivacyIntegration.php:43
actionadmin_initui\UICategoriesView.class.php:28
actionadmin_enqueue_scriptsui\UIDashboard.class.php:38
filterf12_cf7_doubleoptin_show_settings_updated_messageui\UIDatabase.class.php:38
actionadmin_enqueue_scriptsui\UIEmailTemplateEditor.class.php:47
actionadmin_enqueue_scriptsui\UIEmailTemplates.class.php:45
actionadmin_enqueue_scriptsui\UIForms.class.php:52

Scheduled Events 2

f12_cf7_doubleoptin_daily_telemetry
dailyOptinClear
Maintenance & Trust

Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 14, 2026
PHP min version8.0
Downloads17K

Community Trust

Rating100/100
Number of ratings8
Active installs1K
Alternatives

Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification Alternatives

Image CAPTCHA for Contact Form 7 and WPForms by HookAndHook (DSGVO/GDPR)

Image CAPTCHA for Contact Form 7 and WPForms by HookAndHook (DSGVO/GDPR)

contact-form-7-image-captcha

A
100

Adds an Image CAPTCHA to Contact Form 7 and WPForms, GDPR ready, perfect WPForms or Contact Form 7 Spam Protection Image CAPTCHA, adds a honeypot

80K No CVEs
Inazo's flamingo automatically delete old messages

Inazo's flamingo automatically delete old messages

inazo-flamingo-automatically-delete-old-messages

A
92

This plugin help you to auto removed all information stored by flamingo.

4K No CVEs
OTP by Email for Contact Form 7

OTP by Email for Contact Form 7

otp-by-email

A
85

A small Contact Form 7 extension plugin to enable email confirmation by unique links sent to the email inbox.

80 No CVEs
Authyo OTP for Contact Form 7

Authyo OTP for Contact Form 7

authyo-otp-for-contact-form-7

A
100

Adds OTP verification (Email, SMS, WhatsApp, Voice Call) and Google Sheets Integration (with Multi-Sheet support) to Contact Form 7.

10 No CVEs
Valid Email Verification for Contact Form 7

Valid Email Verification for Contact Form 7

valid-email-verification-cf7

A
100

Adds duplicate email blocking and verification to Contact Form 7 to improve form security and reduce spam.

10 No CVEs
Developer Profile

Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification Developer Profile

Forge12 Interactive GmbH

6 plugins · 12K total installs

86
trust score
Avg Security Score
97/100
Avg Patch Time
76 days
View full developer profile
Detection Fingerprints

How We Detect Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/double-opt-in/core/css/f12-optin.css/wp-content/plugins/double-opt-in/core/js/f12-optin.js
Script Paths
/wp-content/plugins/double-opt-in/core/js/f12-optin.js
Version Parameters
double-opt-in/core/css/f12-optin.css?ver=double-opt-in/core/js/f12-optin.js?ver=

HTML / DOM Fingerprints

CSS Classes
f12-optin-form-wrapper
HTML Comments
Forge12 Double Opt-In - v3.7.2
Data Attributes
data-f12-optin-recipient-fielddata-f12-optin-confirmation-page
JS Globals
forge12OptIn
REST Endpoints
/wp-json/f12-cf7-doubleoptin/v1/resend
FAQ

Frequently Asked Questions about Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification