Does Email Templates for Contact Form 7 have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Email Templates for Contact Form 7 compatible with WordPress 6.9.4?

According to WordPress.org data, Email Templates for Contact Form 7 2.0.22 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Email Templates for Contact Form 7 compatible with PHP 7.4+?

Email Templates for Contact Form 7 requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Email Templates for Contact Form 7 updated?

Email Templates for Contact Form 7 was last updated on Apr 2, 2026. Frequent updates are generally a positive security signal.

What is Email Templates for Contact Form 7's security score?

Email Templates for Contact Form 7 has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Email Templates for Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/email-templates-for-contact-form-7

Client-friendly HTML email templates for Contact Form 7, with a visual editor and live preview.

0 active installs v2.0.22 PHP 7.4+ WP 5.8+ Updated Apr 2, 2026

cf7contact-formcontact-form-7emailemail-templates

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Email Templates for Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 100/100

Email Templates for Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "email-templates-for-contact-form-7" plugin exhibits a generally good security posture based on the provided static analysis. The plugin demonstrates strong adherence to WordPress security best practices, with all identified AJAX handlers and REST API routes appearing to have proper authentication and permission checks. The extensive use of prepared statements for SQL queries and a very high percentage of properly escaped output are significant strengths, minimizing the risk of SQL injection and cross-site scripting vulnerabilities. The presence of nonces and capability checks further reinforces its defensive coding practices.

However, the taint analysis reveals areas for improvement. Five out of eight analyzed flows have unsanitized paths, with three identified as high severity. While the static analysis did not immediately classify these as exploitable vulnerabilities (e.g., leading to SQL injection), unsanitized paths can be precursors to such issues if they are combined with other vulnerable code constructs or improper handling of user-supplied data. The plugin's vulnerability history is notably clean, with no recorded CVEs, which suggests a history of responsible development and timely patching. This, combined with the current robust code practices, indicates a generally secure plugin, but the high number of unsanitized paths warrants a closer look to ensure no latent risks exist.

Key Concerns

High severity taint flows with unsanitized paths
Multiple flows with unsanitized paths
Bundled Freemius library v1.0

Vulnerabilities

None known

Email Templates for Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Email Templates for Contact Form 7 Release Timeline

v2.0.22Current

v2.0.21

v2.0.20

v2.0.19

v2.0.18

v2.0.17

v2.0.16

v2.0.15

v2.0.14

v2.0.13

v2.0.12

v2.0.11

v2.0.10

v2.0.9

v2.0.8

Code Analysis

Analyzed Apr 16, 2026

Email Templates for Contact Form 7 Code Analysis

Dangerous Functions

Raw SQL Queries

6 prepared

Unescaped Output

428 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Freemius1.0

SQL Query Safety

100% prepared6 total queries

Output Escaping

99% escaped431 total outputs

Data Flows · Security

5 unsanitized

Data Flow Analysis

8 flows5 with unsanitized paths

render_editor_page (includes/class-etcf7-cf7-integration.php:702)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Email Templates for Contact Form 7 Attack Surface

Entry Points15

Unprotected0

AJAX Handlers 15

authwp_ajax_etcf7_save_automation_ruleincludes/class-etcf7-automation-admin.php:20

authwp_ajax_etcf7_delete_automation_ruleincludes/class-etcf7-automation-admin.php:21

authwp_ajax_etcf7_toggle_automation_ruleincludes/class-etcf7-automation-admin.php:22

authwp_ajax_etcf7_get_form_fieldsincludes/class-etcf7-automation-admin.php:23

authwp_ajax_etcf7_get_rules_for_formincludes/class-etcf7-automation-admin.php:24

authwp_ajax_etcf7_get_ruleincludes/class-etcf7-automation-admin.php:25

authwp_ajax_etcf7_save_slack_settingsincludes/class-etcf7-automation-admin.php:26

authwp_ajax_etcf7_test_slackincludes/class-etcf7-automation-admin.php:27

authwp_ajax_etcf7_save_template_valuesincludes/class-etcf7-cf7-integration.php:29

authwp_ajax_etcf7_delete_saved_formincludes/class-etcf7-cf7-integration.php:30

authwp_ajax_etcf7_create_versionincludes/class-etcf7-cf7-integration.php:31

authwp_ajax_etcf7_create_versionincludes/class-etcf7-version-admin.php:20

authwp_ajax_etcf7_delete_versionincludes/class-etcf7-version-admin.php:21

authwp_ajax_etcf7_set_active_versionincludes/class-etcf7-version-admin.php:22

authwp_ajax_etcf7_compare_versionsincludes/class-etcf7-version-admin.php:23

WordPress Hooks 20

actionplugins_loadedemail-templates-cf7.php:50

actionadmin_noticesemail-templates-cf7.php:55

actionplugins_loadedemail-templates-cf7.php:82

actionadmin_menuincludes/class-etcf7-automation-admin.php:18

actionadmin_enqueue_scriptsincludes/class-etcf7-automation-admin.php:19

actioninitincludes/class-etcf7-automation.php:31

filtercron_schedulesincludes/class-etcf7-automation.php:33

actionetcf7_process_automation_queueincludes/class-etcf7-automation.php:35

actionwpcf7_mail_sentincludes/class-etcf7-automation.php:67

actionwpcf7_mail_sentincludes/class-etcf7-automation.php:68

filtercron_schedulesincludes/class-etcf7-automation.php:159

actioninitincludes/class-etcf7-cf7-integration.php:22

actioninitincludes/class-etcf7-cf7-integration.php:23

filterwpcf7_editor_panelsincludes/class-etcf7-cf7-integration.php:24

filterwpcf7_mail_componentsincludes/class-etcf7-cf7-integration.php:25

actionwpcf7_save_contact_formincludes/class-etcf7-cf7-integration.php:26

actionadmin_enqueue_scriptsincludes/class-etcf7-cf7-integration.php:27

actionadmin_menuincludes/class-etcf7-cf7-integration.php:28

actionadmin_menuincludes/class-etcf7-version-admin.php:18

actionadmin_enqueue_scriptsincludes/class-etcf7-version-admin.php:19

Scheduled Events 1

etcf7_process_automation_queue

Maintenance & Trust

Email Templates for Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 2, 2026

PHP min version7.4

Downloads467

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Email Templates for Contact Form 7 Alternatives

Contact Form 7 Confirm Email Field

contact-form-7-confirm-email-feild

Add a confirm email field to Contact Form 7.

2K No CVEs

HTML Template for CF7

cf7-html-email-template-extension

100

Improve your Contact Form 7 emails with a HTML Template.

1K No CVEs

Contact Form 7 – Blacklist Unwanted Email

block-email-cf7

This is a free add-on plugin for contact form 7, which validates the email field and restrict unwanted email submission as well as allowed only busine …

400 No CVEs

User Info In Email For Contact Form 7

user-info-in-email-for-contact-form-7

This plugin is adding the user's internet provider information (based on IP address), to the body of the email. Contact Form 7 Plugin required.

100 No CVEs

Dynamic Recipients for Contact Form 7

dynamic-recipients-cf7

100

Add recipient dropdowns to Contact Form 7. Let visitors route their messages to the right person or department without exposing email addresses.

30 No CVEs

Developer Profile

Email Templates for Contact Form 7 Developer Profile

lapashanga

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Email Templates for Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/email-templates-for-contact-form-7/assets/js/automation-admin.js/wp-content/plugins/email-templates-for-contact-form-7/assets/css/automation-admin.css

Script Paths

/wp-content/plugins/email-templates-for-contact-form-7/assets/js/automation-admin.js

Version Parameters

email-templates-for-contact-form-7/assets/js/automation-admin.js?ver=email-templates-for-contact-form-7/assets/css/automation-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes

etcf7-automation-containeretcf7-automation-sidebaretcf7-automation-form-selectoretcf7-automation-rules-listetcf7-automation-editoretcf7-automation-editor-emptyetcf7-automation-editor-contentetcf7-automation-rule-form+1 more

Data Attributes

data-rule-id

JS Globals

etcf7Automation

REST Endpoints

/wp-json/etcf7/v1/rules/wp-json/etcf7/v1/forms/wp-json/etcf7/v1/settings

FAQ