Does Double Opt-in for CF7 have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Double Opt-in for CF7 compatible with WordPress 5.9.13?

According to WordPress.org data, Double Opt-in for CF7 1.0.1 has been tested up to WordPress 5.9.13. Check the plugin's changelog for the latest compatibility information.

Is Double Opt-in for CF7 compatible with PHP 7.0+?

Double Opt-in for CF7 requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Double Opt-in for CF7 updated?

Double Opt-in for CF7 was last updated on Jun 2, 2025. Frequent updates are generally a positive security signal.

What is Double Opt-in for CF7's security score?

Double Opt-in for CF7 has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Double Opt-in for CF7 Security & Risk Analysis

wordpress.org/plugins/double-opt-in-for-cf7

This plugin adds a double opt-in functionality to CF7 forms.

100 active installs v1.0.1 PHP 7.0+ WP 5.3+ Updated Jun 2, 2025

accessibilitycontactcontact-formemailmultilingual

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Double Opt-in for CF7 Safe to Use in 2026?

Generally Safe

Score 100/100

Double Opt-in for CF7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11mo ago

Risk Assessment

The plugin "double-opt-in-for-cf7" v1.0.1 presents a generally good security posture, with no known past vulnerabilities or critical findings in taint analysis. The static analysis shows a very limited attack surface, with all identified entry points either implicitly or explicitly protected by WordPress's security mechanisms. The plugin also demonstrates good practices in terms of capability checks and nonce usage for its identified entry points.

However, the static analysis does reveal two instances of the `unserialize` function, which is a known potential vector for remote code execution if an attacker can control the serialized data passed to it. While there are no external HTTP requests or raw SQL queries without prepared statements, and output escaping is reasonably well-handled, the presence of `unserialize` warrants careful consideration. The lack of recorded vulnerabilities historically is a positive indicator, suggesting the developers may be security-conscious, but it does not negate the inherent risks associated with using potentially dangerous functions.

Key Concerns

Use of unserialize function

Vulnerabilities

None known

Double Opt-in for CF7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Double Opt-in for CF7 Release Timeline

v1.0.1Current

v1.0.0

Code Analysis

Analyzed Mar 16, 2026

Double Opt-in for CF7 Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

91 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$valarray = @unserialize($key_value);// Disabling PHP Notice when value is not serializedinc\optin-submission-class.php:124

unserialize$form_data = unserialize($submission->form_value);inc\optin-submission-class.php:146

SQL Query Safety

50% prepared4 total queries

Output Escaping

65% escaped140 total outputs

Attack Surface

Double Opt-in for CF7 Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[cf7doubleoptin] cf7-optin.php:113

WordPress Hooks 33

actionadmin_menuadmin\cf7optin-admin.php:16

actionadmin_enqueue_scriptsadmin\cf7optin-admin.php:53

filterflamingo_csv_value_separatoradmin\cf7optin-admin.php:61

filterflamingo_csv_quotationadmin\cf7optin-admin.php:62

actionadmin_initadmin\cf7optin-admin.php:65

actionadmin_initadmin\cf7optin-admin.php:156

actionwpcf7_admin_noticesadmin\cf7optin-admin.php:371

actioninitadmin\cf7optin-admin.php:412

actionpost_edit_form_tagadmin\cf7optin-admin.php:586

actionsave_postadmin\cf7optin-admin.php:591

actionmanage_posts_custom_columnadmin\cf7optin-admin.php:706

filtermanage_cf7optin_settings_posts_columnsadmin\cf7optin-admin.php:712

actionadmin_noticesadmin\cf7optin-admin.php:810

actionadmin_noticesadmin\cf7optin-admin.php:815

actionadmin_initadmin\cf7optin-admin.php:818

actionadmin_initadmin\cf7optin-admin.php:826

actionadmin_noticesadmin\cf7optin-admin.php:852

actionadmin_noticesadmin\cf7optin-admin.php:962

filtermanage_flamingo_inbound_posts_columnsadmin\cf7optin-admin.php:972

actionmanage_flamingo_inbound_posts_custom_columnadmin\cf7optin-admin.php:974

actionplugins_loadedcf7-optin.php:27

actionadmin_noticescf7-optin.php:38

actionadmin_initcf7-optin.php:47

actionadmin_noticescf7-optin.php:54

actionadmin_initcf7-optin.php:57

actionwp_enqueue_scriptscf7-optin.php:93

filterwpcf7_validate_email*cf7-optin.php:120

filterwpcf7_validate_checkboxcf7-optin.php:138

filterwpcf7_validate_checkbox*cf7-optin.php:139

filterwpcf7_validate_radiocf7-optin.php:157

actiontemplate_redirectcf7-optin.php:217

filterwpcf7_mail_componentscf7-optin.php:337

actionwpcf7_before_send_mailcf7-optin.php:591

Maintenance & Trust

Double Opt-in for CF7 Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13

Last updatedJun 2, 2025

PHP min version7.0

Downloads3K

Community Trust

Rating70/100

Number of ratings2

Active installs100

Alternatives

Double Opt-in for CF7 Alternatives

Creative Mail – Easier WordPress & WooCommerce Email Marketing

creative-mail-by-constant-contact

Creative Mail was designed specifically for WordPress and WooCommerce. Our intelligent (and super fun) email editor simplifies email marketing campaig …

300K 1 unpatched

Gravity PDF

gravity-forms-pdf-extended

100

Automatically generate, email and download PDF documents from Gravity Forms entries

20K 1 CVE

HTML Forms – Simple WordPress Forms Plugin

html-forms

A simpler, faster, and smarter WordPress forms plugin.

10K 9 CVEs

WPZOOM Forms – Drag & Drop Contact Form Builder for WordPress

wpzoom-forms

100

Drag & drop contact form builder for WordPress. Create contact forms, custom forms, email forms with spam protection. Works with Elementor, shortcodes

10K No CVEs

Contact Form Email

contact-form-to-email

Contact form with visual form builder. Contact form that sends the data to email, to a database list and to CSV / Excel files.

9K 17 CVEs

Developer Profile

Double Opt-in for CF7 Developer Profile

Krzysztof Busłowicz

1 plugin · 100 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Double Opt-in for CF7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/double-opt-in-for-cf7/inc/js/cf7optin.js/wp-content/plugins/double-opt-in-for-cf7/inc/css/cf7optin.css/wp-content/plugins/double-opt-in-for-cf7/inc/js/cf7optin-fileinput.js

Script Paths

inc/js/cf7optin.jsinc/js/cf7optin-fileinput.js

Version Parameters

cf7optin-js?ver=cf7optin-style?ver=cf7optin-input-js?ver=

HTML / DOM Fingerprints

HTML Comments

JS Globals

cf7optinWarningcf7optinInput

Shortcode Output

[cf7doubleoptin]

FAQ