WP-Safety

Contact Form 7 Database Manager Addon – CF7DBM Security & Risk Analysis

wordpress.org/plugins/form-data-manager

Save contact form 7 submissions to the WP database with this CF7 addon. Never lose important messages, leads, and requests again.

200 active installs v1.1.1 PHP 5.2.4+ WP + Updated Dec 21, 2024
contact-form-7contact-form-7-databasecontact-form-dbcontact-form-exportform-submissions
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Contact Form 7 Database Manager Addon – CF7DBM Safe to Use in 2026?

Generally Safe

Score 92/100

Contact Form 7 Database Manager Addon – CF7DBM has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The plugin "form-data-manager" v1.1.1 exhibits several significant security concerns, primarily stemming from its unprotected AJAX endpoints and the presence of dangerous functions. While the plugin demonstrates good practices in areas like output escaping and prepared statements for SQL queries, the lack of authentication on two AJAX handlers presents a substantial attack surface. Furthermore, the taint analysis reveals four high-severity flows with unsanitized paths, indicating potential vulnerabilities that could be exploited if these paths involve user-controlled input. The "unserialize" function, known for its potential to lead to remote code execution if used with untrusted data, is also present, adding another layer of risk. The absence of any recorded vulnerability history is a positive sign, suggesting a history of secure development. However, this does not negate the immediate risks identified in the static analysis. Overall, the plugin has strengths in output handling and SQL query sanitization, but the unprotected entry points and taint analysis findings are critical weaknesses that require immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows with unsanitized paths
  • Dangerous unserialize function present
  • No nonce checks on AJAX entry points
  • No capability checks on AJAX entry points
Vulnerabilities
None known

Contact Form 7 Database Manager Addon – CF7DBM Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Contact Form 7 Database Manager Addon – CF7DBM Code Analysis

Dangerous Functions
5
Raw SQL Queries
4
12 prepared
Unescaped Output
19
230 escaped
Nonce Checks
0
Capability Checks
0
File Operations
4
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$values = unserialize($contact_data['contact_value']);inc\class-wpfdm-contacts-list.php:576
unserialize$values = unserialize($contact_data['contact_value']);inc\class-wpfdm-contacts-list.php:664
unserialize$one_form = isset($results[0]) ? unserialize( $results[0]->contact_value ): NULL ;inc\class-wpfdm-data-export.php:106
unserialize$obj_tmp = unserialize($result['contact_value']);inc\class-wpfdm-data-export.php:154
unserialize$form_value = unserialize( $row['form_value'] );inc\model\class-wpfdm-contact-dao.php:147

SQL Query Safety

75% prepared16 total queries

Output Escaping

92% escaped249 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

6 flows4 with unsanitized paths
display_rate_notice (form-data-manager.php:122)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Contact Form 7 Database Manager Addon – CF7DBM Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_enable_fdm_formform-data-manager.php:109
authwp_ajax_mark_contact_as_read_fdm_formform-data-manager.php:112
WordPress Hooks 18
filterplugin_action_linksform-data-manager.php:69
filterplugin_row_metaform-data-manager.php:70
actionadmin_noticesform-data-manager.php:71
filterwpcf7_admin_actionsform-data-manager.php:73
actionadmin_noticesform-data-manager.php:79
actionadmin_menuform-data-manager.php:88
actionplugins_loadedform-data-manager.php:91
actionadmin_enqueue_scriptsform-data-manager.php:94
actionwpcf7_before_send_mailform-data-manager.php:97
actionwpcf7_after_createform-data-manager.php:100
actionwpcf7_after_updateform-data-manager.php:103
actionadmin_initform-data-manager.php:106
actionadmin_noticesform-data-manager.php:114
actionadmin_enqueue_scriptsform-data-manager.php:116
actionadmin_noticesform-data-manager.php:118
actionadmin_footerinc\class-wpfdm-contacts-list.php:93
actionadmin_footerinc\class-wpfdm-data-import.php:65
actionadmin_footerinc\class-wpfdm-forms-list.php:95
Maintenance & Trust

Contact Form 7 Database Manager Addon – CF7DBM Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedDec 21, 2024
PHP min version5.2.4
Downloads3K

Community Trust

Rating90/100
Number of ratings2
Active installs200
Alternatives

Contact Form 7 Database Manager Addon – CF7DBM Alternatives

EP Exporter for Contact Form 7 (CF7)

EP Exporter for Contact Form 7 (CF7)

ep-exporter-for-cf7

A
100

Smart and lightweight Contact Form 7 data exporter. Export your CF7 or CFDB7 submissions to CSV with advanced filtering options.

200 No CVEs
Advanced Contact form 7 DB

Advanced Contact form 7 DB

advanced-cf7-db

B
83

Save all contact form 7 form submitted data to the database, View, Ordering, Change field labels and Import/Export data using CSV.

70K 6 CVEs
Database for Contact Form 7, WPforms, Elementor forms

Database for Contact Form 7, WPforms, Elementor forms

contact-form-entries

B
76

Saves Contact Form 7, WPforms,Elementor Forms, CRM Perks Forms and many other contact form submissions to database.

70K 13 CVEs
FormsDB – Save Elementor Forms to Google Sheets & Post Type

FormsDB – Save Elementor Forms to Google Sheets & Post Type

sb-elementor-contact-form-db

A
98

Connect Elementor forms with Google Sheets to sync form entries, or save form submissions in any post type using Elementor Pro or Hello Plus forms.

20K 3 CVEs
Form Vibes – Database Manager for Forms

Form Vibes – Database Manager for Forms

form-vibes

A
92

Never miss a single lead! Save and manage all Contact Form 7 and Elementor form submissions easily. View, Export, Analyze and Filter submissions.

10K 4 CVEs
Developer Profile

Contact Form 7 Database Manager Addon – CF7DBM Developer Profile

M. NASRI

2 plugins · 200 total installs

91
trust score
Avg Security Score
96/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Contact Form 7 Database Manager Addon – CF7DBM

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/form-data-manager/admin/css/fdm-styles.css/wp-content/plugins/form-data-manager/admin/css/fdm-datatable-style.css/wp-content/plugins/form-data-manager/admin/js/fdm-custom.js/wp-content/plugins/form-data-manager/admin/js/fdm-datatable-script.js/wp-content/plugins/form-data-manager/admin/js/cf7-custom.js
Script Paths
/wp-content/plugins/form-data-manager/admin/js/fdm-custom.js/wp-content/plugins/form-data-manager/admin/js/fdm-datatable-script.js/wp-content/plugins/form-data-manager/admin/js/cf7-custom.js
Version Parameters
form-data-manager/admin/css/fdm-styles.css?ver=form-data-manager/admin/css/fdm-datatable-style.css?ver=form-data-manager/admin/js/fdm-custom.js?ver=form-data-manager/admin/js/fdm-datatable-script.js?ver=form-data-manager/admin/js/cf7-custom.js?ver=

HTML / DOM Fingerprints

CSS Classes
FDM-top-main-msg
JS Globals
WPFDM_Plugin_VERSIONWPFDM_Plugin_NAME
FAQ

Frequently Asked Questions about Contact Form 7 Database Manager Addon – CF7DBM