WP-Safety

EngageBay Add-on For Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/engagebay-add-on-for-contact-form-7

Send Contact Form 7 submissions to EngageBay automcatically using this plugin. Link any field type with EngageBay including custom fields.

60 active installs v1.9.1 PHP + WP 3.7+ Updated Nov 28, 2024
contact-formcontact-form-plugincontact-formsformssubmission
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is EngageBay Add-on For Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 92/100

EngageBay Add-on For Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The plugin "engagebay-add-on-for-contact-form-7" v1.9.1 exhibits a mixed security posture. On the positive side, the static analysis reveals no identified dangerous functions, all SQL queries utilize prepared statements, and there are no recorded CVEs, suggesting a good track record and adherence to secure coding practices for database interactions. However, several areas raise concerns. The absence of nonce checks and capability checks, coupled with a high percentage of unsanitized taint flows (3 out of 3 analyzed), indicates potential vulnerabilities where user-supplied data might not be properly validated or authorized before being processed. Furthermore, while the attack surface appears small with zero identified entry points like AJAX handlers or REST API routes, this may be misleading if the plugin relies on external interactions or indirect input handling not captured in this analysis. The file operation and external HTTP requests also warrant scrutiny to ensure they are not being exploited.

Key Concerns

  • Unsanitized taint flows detected
  • No nonce checks detected
  • No capability checks detected
  • Significant portion of output not escaped
  • File operations present
  • External HTTP requests present
Vulnerabilities
None known

EngageBay Add-on For Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

EngageBay Add-on For Contact Form 7 Release Timeline

v1.9
v1.8.3
v1.8.2
v1.8.1
v1.8
v1.7.2
v1.7.1
v1.7
v1.6
v1.5
v1.4
v1.3
v1.2
v1.1
v1.0
Code Analysis
Analyzed Mar 16, 2026

EngageBay Add-on For Contact Form 7 Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
13
20 escaped
Nonce Checks
0
Capability Checks
0
File Operations
1
External Requests
7
Bundled Libraries
0

Output Escaping

61% escaped33 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
cf7ebi_login_settings (engagebay-cf7-forms.php:166)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

EngageBay Add-on For Contact Form 7 Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 6
actionadmin_enqueue_scriptsengagebay-cf7-forms.php:53
actionadmin_menuengagebay-cf7-forms.php:65
filterwpcf7_editor_panelsengagebay-cf7-forms.php:618
actionwpcf7_save_contact_formengagebay-cf7-forms.php:812
actionwpcf7_before_send_mailengagebay-cf7-forms.php:1050
actionsave_postengagebay-cf7-forms.php:1132
Maintenance & Trust

EngageBay Add-on For Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedNov 28, 2024
PHP min version
Downloads5K

Community Trust

Rating0/100
Number of ratings0
Active installs60
Alternatives

EngageBay Add-on For Contact Form 7 Alternatives

Contact Form by Supsystic

Contact Form by Supsystic

contact-form-by-supsystic

B
83

Contact Form Builder with drag-and-drop editor to create responsive, mobile ready contact forms in a second. Custom fields and contact form templates

7K 10 CVEs
Contact Form Generator : Creative form builder for WordPress

Contact Form Generator : Creative form builder for WordPress

contact-form-generator

A
98

Contact Form Generator is a creative and powerful contact form builder! You will get ready-to-use forms in 5 minutes!

800 3 CVEs
NM Contact Forms

NM Contact Forms

nm-contact-forms

A
85

Contact form plugin. NM contact forms allow you simple contact form integration with two built-in anti-spam solutions. Supports get variable.

200 No CVEs
DigitSix Simple Contact Form

DigitSix Simple Contact Form

digitsix-simple-contact-form

A
85

DigitSix Simple Contact Form is a simple solution for those who need simple contact forms for their website.

30 No CVEs
Contact Blaster

Contact Blaster

contact-blaster

A
85

Simplest contact forms ever. Two easy ways to use:

10 No CVEs
Developer Profile

EngageBay Add-on For Contact Form 7 Developer Profile

engagebay

7 plugins · 430 total installs

93
trust score
Avg Security Score
98/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect EngageBay Add-on For Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/engagebay-add-on-for-contact-form-7/assets/css/styles.css/wp-content/plugins/engagebay-add-on-for-contact-form-7/assets/js/scripts.js/wp-content/plugins/engagebay-add-on-for-contact-form-7/assets/js/refresh.js
Script Paths
assets/js/scripts.jsassets/js/refresh.js
Version Parameters
engagebay-add-on-for-contact-form-7/assets/css/styles.css?ver=engagebay-add-on-for-contact-form-7/assets/js/scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
cf7ebi-stylesengagebay-marketing-software
Data Attributes
data-cf7ebi-nonce
JS Globals
cf7ebi_data
FAQ

Frequently Asked Questions about EngageBay Add-on For Contact Form 7