Email Validator for Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/email-validator-for-contact-form-7

Email validation for Contact Form 7. Reduce registration spam from invalid email addresses, and block disposable and free email addresses.

500 active installs · v1.8.1 · PHP 5.2.4+ · WP + · Updated Dec 10, 2025
Tags: contact-form-7, email-validation, email-validator, form-validation, mailboxvalidator
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Email Validator for Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 100/100

Email Validator for Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The "email-validator-for-contact-form-7" plugin v1.8.1 exhibits several concerning security weaknesses despite having no recorded vulnerability history. The static analysis reveals a significant risk due to a single unprotected AJAX handler, which represents the entire attack surface of the plugin. This unprotected entry point is a prime target for attackers seeking to exploit vulnerabilities without needing authentication. Furthermore, the plugin heavily relies on raw SQL queries, with 100% of them lacking prepared statements. This is a serious security flaw that can lead to SQL injection vulnerabilities, especially when combined with unsanitized user input. The taint analysis confirms a high-severity flow with unsanitized paths, further indicating a potential for critical vulnerabilities like SQL injection or path traversal. The low percentage of properly escaped output (14%) also suggests a risk of Cross-Site Scripting (XSS) vulnerabilities.

Key Concerns

  • Unprotected AJAX handler
  • SQL queries without prepared statements
  • High severity taint flow with unsanitized paths
  • Low percentage of output escaping
  • No nonce checks on AJAX entry points
Vulnerabilities
None known

Email Validator for Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Email Validator for Contact Form 7 Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 12 (0 prepared)
Unescaped Output: 19 (3 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 6
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

0% prepared · 12 total queries

Output Escaping

14% escaped · 22 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
<email-validator-for-contact-form-7> (email-validator-for-contact-form-7.php:0)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
1 unprotected

Email Validator for Contact Form 7 Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

  • auth wp_ajax_email_validator_for_contact_form_7_submit_feedback (email-validator-for-contact-form-7.php:34)

WordPress Hooks: 10

  • action admin_init (email-validator-for-contact-form-7.php:30)
  • action admin_enqueue_scripts (email-validator-for-contact-form-7.php:32)
  • action admin_footer_text (email-validator-for-contact-form-7.php:35)
  • filter wpcf7_validate_email (email-validator-for-contact-form-7.php:37)
  • filter wpcf7_validate_email* (email-validator-for-contact-form-7.php:39)
  • action admin_init (email-validator-for-contact-form-7.php:49)
  • action admin_notices (email-validator-for-contact-form-7.php:50)
  • action admin_menu (email-validator-for-contact-form-7.php:52)
  • action admin_init (email-validator-for-contact-form-7.php:54)
  • action admin_notices (email-validator-for-contact-form-7.php:62)
Maintenance & Trust

Email Validator for Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 10, 2025
PHP min version: 5.2.4
Downloads: 16K

Community Trust

Rating: 80/100
Number of ratings: 4
Active installs: 500
Developer Profile

Email Validator for Contact Form 7 Developer Profile

MailboxValidator

2 plugins · 520 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Email Validator for Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/email-validator-for-contact-form-7/assets/js/mbv.js
  • /wp-content/plugins/email-validator-for-contact-form-7/assets/js/jquery.tagsinput.min.js
Script Paths
  • https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.8.0/Chart.min.js
  • https://cdnjs.cloudflare.com/ajax/libs/jquery-tagsinput/1.3.6/jquery.tagsinput.min.css
Version Parameters
  • email-validator-for-contact-form-7/assets/js/mbv.js?ver=
  • email-validator-for-contact-form-7/assets/js/jquery.tagsinput.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
mbv_wpcf7_nocf7_notice
JS Globals
  • Chart
  • jQuery