Does Stop Contact Form 7 Spam & WPForms Spam – Free Protection have any unpatched vulnerabilities?

No. All known vulnerabilities in Stop Contact Form 7 Spam & WPForms Spam – Free Protection have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Stop Contact Form 7 Spam & WPForms Spam – Free Protection compatible with WordPress 6.9.4?

According to WordPress.org data, Stop Contact Form 7 Spam & WPForms Spam – Free Protection 2.6.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Stop Contact Form 7 Spam & WPForms Spam – Free Protection compatible with PHP 7.4+?

Stop Contact Form 7 Spam & WPForms Spam – Free Protection requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

Stop Contact Form 7 Spam & WPForms Spam – Free Protection Security & Risk Analysis

wordpress.org/plugins/fullworks-anti-spam

Stop Contact Form 7 spam and WPForms spam instantly. Free spam protection for business sites. No CAPTCHA. No API keys. Just works.

1K active installs v2.6.1 PHP 7.4+ WP 5.3.0+ Updated Nov 15, 2025

anti-spamcf7contact-form-7spam-protectionwpforms

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Stop Contact Form 7 Spam & WPForms Spam – Free Protection Safe to Use in 2026?

Generally Safe

Score 100/100

Stop Contact Form 7 Spam & WPForms Spam – Free Protection has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The "fullworks-anti-spam" plugin v2.6.1 demonstrates several good security practices, including a high percentage of properly escaped output and a low rate of SQL queries without prepared statements. The absence of any recorded vulnerabilities, including critical or high severity issues, further suggests a generally secure codebase. The plugin also benefits from a strong presence of nonce and capability checks, indicating an effort to protect against common WordPress exploits.

However, the static analysis reveals a notable concern regarding its attack surface. Specifically, two out of four AJAX handlers lack authentication checks. This creates potential entry points that could be exploited by unauthenticated users, depending on the functionality of these handlers. While taint analysis found no critical or high severity issues with unsanitized paths, the unprotected AJAX endpoints remain a point of concern that could potentially lead to other types of vulnerabilities if not properly secured.

In conclusion, the plugin has a solid foundation with good coding practices and a clean vulnerability history. The primary weakness lies in the exposed AJAX handlers, which should be addressed to further strengthen its security posture. The lack of past vulnerabilities is a positive indicator, but the identified attack surface requires attention to ensure continued security.

Key Concerns

Unprotected AJAX handlers

Vulnerabilities

None known

Stop Contact Form 7 Spam & WPForms Spam – Free Protection Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Stop Contact Form 7 Spam & WPForms Spam – Free Protection Code Analysis

Dangerous Functions

Raw SQL Queries

18 prepared

Unescaped Output

149 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Freemius1.0

SQL Query Safety

64% prepared28 total queries

Output Escaping

97% escaped153 total outputs

Data Flows

All sanitized

Data Flow Analysis

4 flows

handle_ad_csv_import (admin\class-admin.php:157)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Stop Contact Form 7 Spam & WPForms Spam – Free Protection Attack Surface

Entry Points4

Unprotected2

AJAX Handlers 4

authwp_ajax_fwantispam_ajax_handleradmin\class-admin-table-allow-deny.php:20

authwp_ajax_fwas_dismiss_upgrade_noticeadmin\class-admin.php:91

noprivwp_ajax_fwas_get_keyscontrol\class-core.php:218

authwp_ajax_fwas_get_keyscontrol\class-core.php:219

WordPress Hooks 50

actionadmin_enqueue_scriptsadmin\class-admin-pages.php:87

filterscreen_layout_columnsadmin\class-admin-pages.php:89

actionadmin_enqueue_scriptsadmin\class-admin.php:85

actionadmin_enqueue_scriptsadmin\class-admin.php:86

actionadmin_menuadmin\class-admin.php:87

actionadmin_post_fwas_ad_csv_importadmin\class-admin.php:88

actionadmin_post_fwas_ad_csv_exportadmin\class-admin.php:89

actionwp_dashboard_setupadmin\class-admin.php:94

actionunspammed_commentadmin\class-mark-spam.php:107

actionspammed_commentadmin\class-mark-spam.php:113

filterfwas_is_spamclass-anti-spam-api.php:16

actionadmin_menucontrol\class-core.php:155

actionadmin_menucontrol\class-core.php:156

actioninitcontrol\class-core.php:157

filterset-screen-optioncontrol\class-core.php:159

actionadmin_menucontrol\class-core.php:165

actioninitcontrol\class-core.php:166

actioninitcontrol\class-core.php:169

actionfullworks_anti_spam_daily_admincontrol\class-core.php:208

actionadmin_initcontrol\class-core.php:209

actionwp_enqueue_scriptscontrol\class-core.php:217

actionlogin_footercontrol\class-core.php:220

actioninitcontrol\class-core.php:235

actionplugins_loadedcontrol\class-core.php:236

filterplugin_iconcontrol\class-freemius-config.php:77

filterpermission_listcontrol\class-freemius-config.php:80

filterfullworks-anti-spam_template_pathscontrol\class-template-loader.php:92

filterpre_comment_approvedcore\class-forms-hooks.php:83

filterwpforms_process_honeypotcore\class-forms-hooks.php:90

filterwpcf7_spamcore\class-forms-hooks.php:99

filterfluentform/validationscore\class-forms-hooks.php:105

filterjetpack_contact_form_is_spamcore\class-forms-hooks.php:111

filtersrfm_before_fields_processingcore\class-forms-hooks.php:117

filterwpcf7_skip_mailcore\class-forms-hooks.php:259

filterwpcf7_display_messagecore\class-forms-hooks.php:268

filterwpforms_entry_emailcore\class-forms-hooks.php:370

filterwpforms_entry_save_argscore\class-forms-hooks.php:388

filtersrfm_should_send_emailcore\class-forms-hooks.php:473

actionfwas_purge_dailycore\class-purge.php:62

actioninitcore\class-purge.php:64

actionfwas_purge_dailycore\class-purge.php:77

actiondoing_it_wrong_runfullworks-anti-spam.php:73

actionwpmu_new_blogfullworks-anti-spam.php:125

filterwpmu_drop_tablesfullworks-anti-spam.php:135

actionafter_uninstallfullworks-anti-spam.php:136

actionplugins_loadedfullworks-anti-spam.php:138

filterwsf_config_settings_form_adminintegrations\ws-form\class-ws-form-action-fullworks-anti-spam.php:30

filterwsf_config_meta_keysintegrations\ws-form\class-ws-form-action-fullworks-anti-spam.php:33

filterwsf_actions_post_saveintegrations\ws-form\class-ws-form-action-fullworks-anti-spam.php:36

filterwsf_actions_post_submitintegrations\ws-form\class-ws-form-action-fullworks-anti-spam.php:37

Scheduled Events 4

fullworks_anti_spam_daily_admin

fullworks_anti_spam_daily_training

fullworks_anti_spam_daily_admin

Maintenance & Trust

Stop Contact Form 7 Spam & WPForms Spam – Free Protection Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedNov 15, 2025

PHP min version7.4

Downloads57K

Community Trust

Rating100/100

Number of ratings11

Active installs1K

Alternatives

Stop Contact Form 7 Spam & WPForms Spam – Free Protection Alternatives

Advanced Spam Protection for Contact Form 7

gotechark-advanced-spam-shield-for-contact-form-7

100

A powerful spam protection plugin for Contact Form 7 that blocks bots, spam submissions, VPN users, repeated attempts, and automated attacks — without …

40 No CVEs

CF7 Apps – Honeypot, Database, Redirection, Webhook, and Addons for Contact Form 7

contact-form-7-honeypot

100

Addons for Contact Form 7 — Honeypot, Database Entries, Redirection, Spam Protection, Webhooks, ACF integration for Contact Form 7, and more.

300K No CVEs

Autopreenchimento de endereço em formulários

cf7-cep-autofill

Preenchimento automático de campos de endereço baseado no CEP informado.

1K No CVEs

WPCF7 Anti-spam

wpcf7-anti-spam

Upload wpcf7_antispam folder to the /wp-content/plugins/ directory Activate the plugin through the 'Plugins' menu in WordPress Configure the …

10 No CVEs

humanID – Anti-Spam Comment Filter

humanid-spam-filter

100

Replace ReCAPTCHA with a faster, user-friendly solution and block spammers & bots permanently

0 No CVEs

Developer Profile

Stop Contact Form 7 Spam & WPForms Spam – Free Protection Developer Profile

fullworks

13 plugins · 79K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

1372 days

View full developer profile

Detection Fingerprints

How We Detect Stop Contact Form 7 Spam & WPForms Spam – Free Protection

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/fullworks-anti-spam/dist/css/main.css/wp-content/plugins/fullworks-anti-spam/dist/js/backend.js/wp-content/plugins/fullworks-anti-spam/dist/js/frontend.js

Script Paths

/wp-content/plugins/fullworks-anti-spam/dist/js/backend.js/wp-content/plugins/fullworks-anti-spam/dist/js/frontend.js

Version Parameters

fullworks-anti-spam/dist/css/main.css?ver=fullworks-anti-spam/dist/js/backend.js?ver=fullworks-anti-spam/dist/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

fwas-settings-modalfwas-settings-modal__overlayfwas-settings-modal__contentfwas-settings-modal__closefwas-togglefwas-toggle__inputfwas-toggle__labelfwas-toggle__slider+14 more

HTML Comments

+52 more

Data Attributes

data-fwas-modal-targetdata-fwas-modal-closedata-fwas-tab-iddata-fwas-tab-content-iddata-fwas-toggle

JS Globals

fwas_optionsfwas_form_handlersfwas_settings

FAQ