[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f2x1YKFwJ0UGOnMt3NlhDmFlb_z3VfmNLqUxdb5B_dLA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":22,"security_score":23,"vuln_count":14,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":44,"crawl_stats":33,"alternatives":50,"analysis":51,"fingerprints":146},"dynamic-text-field-for-contact-form-7","Dynamic Text Field For Contact Form 7","1.0","silverplugins217","https:\u002F\u002Fprofiles.wordpress.org\u002Fsilverplugins217\u002F","\u003Cp>\u003Cstrong>Add Fields Dynamically Contact Form 7\u003C\u002Fstrong>  With it you can access a lot of post information e.g. title, slug, URL, ID, and even custom fields with shortcode values.\u003C\u002Fp>\n\u003Cp>This plugin is also used in hidden field values so you can add any value in the shortcode in the hidden field.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Dynamic text field for contact form 7\u003C\u002Fstrong>  plugin provides a new Shortcode type tag for the Contact Form 7 Plugin. It allows the dynamic generation of content for a text input box via any shortcode.\u003C\u002Fp>\n\u003Cp>if you want to set up contact form 7 dynamic hidden fields you can make dynamic data. easy to access all features perfectly\u003C\u002Fp>\n\u003Cp>you can use GET, POST, and REQUEST all variables dynamically in your contact form 7.\u003C\u002Fp>\n\u003Ch3>WITH THE CONTACT FORM 7 DYNAMIC FIELD PLUGIN YOU CAN:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Easy to use\u003C\u002Fli>\n\u003Cli>Adding Tag, URL in custom fields.\u003C\u002Fli>\n\u003Cli>Using shortcode add post information.\u003C\u002Fli>\n\u003Cli>Custom text Field add here. \u003C\u002Fli>\n\u003Cli>Use Custom Value in a hidden field\u003C\u002Fli>\n\u003Cli>All posts, pages, and user all values populate in the custom shortcode Text field\u003C\u002Fli>\n\u003Cli>All posts, pages, and user all values populate in custom shortcode Hidden field\u003C\u002Fli>\n\u003Cli>Adding current posts and pages information – DYFCF7_get_post_title\u003C\u002Fli>\n\u003Cli>Adding current pages and posts URL – DYFCF7_page_url\u003C\u002Fli>\n\u003Cli>Adding current user information in all pages and posts – DYFCF7_get_current_user\u003C\u002Fli>\n\u003Cli>Adding custom fields values in all pages and posts – DYFCF7_get_custom_field key=’custom_key’\u003C\u002Fli>\n\u003Cli>Adding blog information – DYFCF7_get_bloginfo\u003C\u002Fli>\n\u003Cli>Adding product information in product pages – DYFCF7_get_product\u003C\u002Fli>\n\u003Cli>WPML Support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>🌟 \u003Ca href=\"https:\u002F\u002Fwww.plugin999.com\u002Fdocs\u002Fdynamic-text-field-for-contact-form-7\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fem> | \u003Cem>🌟 \u003Ca href=\"https:\u002F\u002Fplugin999.com\u002Fdemo\u002Fdynamic-text-field-for-contact-form-7\u002F\" rel=\"nofollow ugc\">Demo\u003C\u002Fa>\u003C\u002Fem> | \u003Cem>🌟 \u003Ca href=\"https:\u002F\u002Fwww.plugin999.com\u002Fsupport\u002F\" rel=\"nofollow ugc\">Support\u003C\u002Fa>\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch3>CONTRIBUTE AND TRANSLATE\u003C\u002Fh3>\n\u003Cp>The dynamic text field for contact form 7 is translated into multiple languages Chinese, Dutch, Russian, Spanish, and many more. Help localize calculation for contact form 7 even further by adding your locale Language. \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fdynamic-text-field-for-contact-form-7\u002F\" rel=\"nofollow ugc\">Click Here\u003C\u002Fa>\u003C\u002Fp>\n","Add Fields Dynamically Contact Form 7  With it you can access a lot of post information e.g. title, slug, URL, ID, and even custom fields with shortco &hellip;",1000,6543,100,1,"2026-01-31T05:13:00.000Z","6.9.4","5.5","",[20,4,21],"dynamic-hidden-field-for-contact-form-7","text-field-and-hidden-field-cf7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdynamic-text-field-for-contact-form-7.zip",99,0,"2025-09-09 00:00:00","2026-03-15T15:16:48.613Z",[28],{"id":29,"url_slug":30,"title":31,"description":32,"plugin_slug":4,"theme_slug":33,"affected_versions":34,"patched_in_version":35,"severity":36,"cvss_score":37,"cvss_vector":38,"vuln_type":39,"published_date":25,"updated_date":40,"references":41,"days_to_patch":43},"CVE-2025-58989","dynamic-text-field-for-contact-form-7-authenticated-contributor-stored-cross-site-scripting","Dynamic Text Field For Contact Form 7 \u003C= 2.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Dynamic Text Field For Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.0","1.1","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-09-15 18:10:35",[42],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F381ecc5f-5961-4756-9685-fda3990bc3a3?source=api-prod",7,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":45,"total_installs":46,"avg_security_score":23,"avg_patch_time_days":47,"trust_score":48,"computed_at":49},21,11590,10,93,"2026-04-04T19:57:56.724Z",[],{"attackSurface":52,"codeSignals":121,"taintFlows":132,"riskAssessment":133,"analyzedAt":145},{"hooks":53,"ajaxHandlers":98,"restRoutes":99,"shortcodes":100,"cronEvents":119,"entryPointCount":120,"unprotectedCount":24},[54,60,66,69,74,77,81,87,90,94],{"type":55,"name":56,"callback":57,"priority":47,"file":58,"line":59},"filter","plugin_row_meta","DYFCF7_support_and_rating_links","dynamic-text-field-for-contact-form-7.php",42,{"type":61,"name":62,"callback":63,"priority":47,"file":64,"line":65},"action","wpcf7_init","DYFCF7_add_form_tag_shortcodefield","main\\backend\\DYFCF7_frontend.php",9,{"type":61,"name":62,"callback":67,"priority":47,"file":64,"line":68},"DYFCF7_shortcodehidden",17,{"type":61,"name":70,"callback":71,"priority":72,"file":64,"line":73},"wpcf7_admin_init","DYFCF7_add_tag_generator_shortcodefield",18,284,{"type":61,"name":70,"callback":75,"priority":72,"file":64,"line":76},"DYFCF7_add_tag_generator_shortcodehidden",293,{"type":55,"name":78,"callback":79,"priority":47,"file":64,"line":80},"wpcf7_validate_shortcodefield*","DYFCF7_shortcodefield_validation_filter",302,{"type":61,"name":82,"callback":83,"priority":84,"file":85,"line":86},"admin_init","DYFCF7_load_plugin",11,"main\\resources\\DYFCF7-installation-require.php",3,{"type":61,"name":88,"callback":89,"file":85,"line":43},"admin_notices","DYFCF7_install_error",{"type":61,"name":91,"callback":92,"file":93,"line":86},"plugins_loaded","DYFCF7_load_textdomaindd_pro","main\\resources\\DYFCF7-language.php",{"type":55,"name":95,"callback":96,"priority":47,"file":93,"line":97},"load_textdomain_mofile","DYFCF7_load_my_own_textdomaindd_pro",16,[],[],[101,104,107,110,113,116],{"tag":102,"callback":102,"file":64,"line":103},"DYFCF7_get_post_title",95,{"tag":105,"callback":105,"file":64,"line":106},"DYFCF7_get_current_user",121,{"tag":108,"callback":108,"file":64,"line":109},"DYFCF7_get_custom_field",150,{"tag":111,"callback":111,"file":64,"line":112},"DYFCF7_page_url",162,{"tag":114,"callback":114,"file":64,"line":115},"DYFCF7_get_product",185,{"tag":117,"callback":117,"file":64,"line":118},"DYFCF7_get_bloginfo",203,[],6,{"dangerousFunctions":122,"sqlUsage":123,"outputEscaping":125,"fileOperations":24,"externalRequests":24,"nonceChecks":24,"capabilityChecks":24,"bundledLibraries":131},[],{"prepared":24,"raw":24,"locations":124},[],{"escaped":126,"rawEcho":14,"locations":127},12,[128],{"file":64,"line":129,"context":130},275,"raw output",[],[],{"summary":134,"deductions":135},"The plugin 'dynamic-text-field-for-contact-form-7' version 1.0 presents a mixed security posture.  Static analysis shows good practices in several areas, including no dangerous functions, no file operations, no external HTTP requests, and 100% of SQL queries utilizing prepared statements.  Furthermore, output escaping is generally well-handled with 92% of outputs properly escaped, and there are no identified taint flows with unsanitized paths. This indicates a conscientious approach to preventing common vulnerabilities. \n\nHowever, there are notable areas of concern. The plugin has a history of one known CVE, specifically a Cross-site Scripting (XSS) vulnerability, which is concerning despite being currently patched. The static analysis reveals a complete absence of nonce checks and capability checks across all entry points, which are critical for preventing unauthorized actions and ensuring that only legitimate users can trigger certain plugin functionalities.  While the attack surface is limited to shortcodes, the lack of these security mechanisms on these entry points represents a significant weakness. \n\nIn conclusion, while the plugin demonstrates strengths in secure coding practices like prepared statements and output escaping, the lack of nonce and capability checks on its shortcode entry points is a significant oversight. The past XSS vulnerability, though patched, highlights a historical weakness that warrants careful monitoring. The absence of these fundamental security checks means that the plugin's core functionality is potentially vulnerable to attacks that could exploit its entry points.",[136,138,140,143],{"reason":137,"points":47},"No nonce checks on entry points",{"reason":139,"points":47},"No capability checks on entry points",{"reason":141,"points":142},"Past XSS vulnerability (though patched)",5,{"reason":144,"points":86},"Minor unescaped output instances","2026-03-16T19:02:04.300Z",{"wat":147,"direct":155},{"assetPaths":148,"generatorPatterns":152,"scriptPaths":153,"versionParams":154},[149,150,151],"\u002Fwp-content\u002Fplugins\u002Fdynamic-text-field-for-contact-form-7\u002Fmain\u002Fbackend\u002FDYFCF7_frontend.php","\u002Fwp-content\u002Fplugins\u002Fdynamic-text-field-for-contact-form-7\u002Fmain\u002Fresources\u002FDYFCF7-installation-require.php","\u002Fwp-content\u002Fplugins\u002Fdynamic-text-field-for-contact-form-7\u002Fmain\u002Fresources\u002FDYFCF7-language.php",[],[],[],{"cssClasses":156,"htmlComments":158,"htmlAttributes":159,"restEndpoints":162,"jsGlobals":163,"shortcodeOutput":164},[157],"wpcf7-validates-as-shortcodefield",[],[160,161],"data-tag-part","data-tag-option",[],[],[165,166,167,168,169,170],"[DYFCF7_get_post_title]","[DYFCF7_get_current_user]","[DYFCF7_get_custom_field]","[DYFCF7_page_url]","[DYFCF7_get_product]","[DYFCF7_get_bloginfo]"]