Does Generate PDF using Contact Form 7 have any unpatched vulnerabilities?

No. All known vulnerabilities in Generate PDF using Contact Form 7 have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Generate PDF using Contact Form 7 compatible with WordPress 6.8.5?

According to WordPress.org data, Generate PDF using Contact Form 7 4.1.6 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Generate PDF using Contact Form 7 compatible with PHP 5.6+?

Generate PDF using Contact Form 7 requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Generate PDF using Contact Form 7 updated?

Generate PDF using Contact Form 7 was last updated on Sep 24, 2025. Frequent updates are generally a positive security signal.

What is Generate PDF using Contact Form 7's security score?

Generate PDF using Contact Form 7 has a WP-Safety security score of 96/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Generate PDF using Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/generate-pdf-using-contact-form-7

Generate PDF using Contact Form 7 Plugin makes it simple to create PDFs for downloads, viewing, or sending as attachments after form submissions.

4K active installs v4.1.6 PHP 5.6+ WP 3.0.1+ Updated Sep 24, 2025

contactcontact-formemailpdf

A · Safe

CVEs total3

Unpatched0

Last CVEJul 8, 2024

Plugin page Download

Safety Verdict

Is Generate PDF using Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 96/100

Generate PDF using Contact Form 7 has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Jul 8, 2024Updated 6mo ago

Risk Assessment

The static analysis of the 'generate-pdf-using-contact-form-7' plugin v4.1.6 reveals a generally good security posture in terms of direct code vulnerabilities. The absence of AJAX handlers, REST API routes, shortcodes, and cron events with exposed entry points is a strong positive. The plugin also demonstrates good practices with 100% of SQL queries using prepared statements and a high percentage of output escaping. Nonce and capability checks are present, indicating awareness of common web security principles. However, the history of known vulnerabilities, including 3 CVEs with 2 classified as high severity and 1 as medium, is a significant concern. The common vulnerability types (CSRF and XSS) suggest that the plugin has historically struggled with proper input validation and state management, even if the current version's static analysis doesn't immediately flag these issues. The presence of file operations also warrants careful monitoring, though the static analysis doesn't indicate any immediate risks.

Key Concerns

Multiple past high severity vulnerabilities (CVEs)
One past medium severity vulnerability (CVE)
Two file operations detected
9% of output not properly escaped

Vulnerabilities

Generate PDF using Contact Form 7 Security Vulnerabilities

CVEs by Year

1 CVE in 2022

2022

2 CVEs in 2024

2024

Patched Has unpatched

Severity Breakdown

High

Medium

3 total CVEs

CVE-2024-6317high · 8.8Cross-Site Request Forgery (CSRF)

Generate PDF using Contact Form 7 <= 4.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion

Jul 8, 2024 Patched in 4.1.3 (61d)

CVE-2024-6316high · 8.8Cross-Site Request Forgery (CSRF)

Generate PDF using Contact Form 7 <= 4.1.2 - Cross-Site Request Forgery to Arbitrary File Upload

Jul 8, 2024 Patched in 4.1.3 (61d)

CVE-2022-3070medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Generate PDF using Contact Form 7 <= 3.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

Aug 31, 2022 Patched in 3.6 (510d)

Code Analysis

Analyzed Mar 16, 2026

Generate PDF using Contact Form 7 Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

190 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

91% escaped208 total outputs

Data Flows

All sanitized

Data Flow Analysis

1 flows

<cf7-pdf-generation.admin.html> (inc\templates\cf7-pdf-generation.admin.html.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Generate PDF using Contact Form 7 Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 21

actionadmin_enqueue_scriptsinc\admin\class.cf7-pdf-generation.admin.action.php:26

actionadmin_enqueue_scriptsinc\admin\class.cf7-pdf-generation.admin.action.php:27

actionadmin_menuinc\admin\class.cf7-pdf-generation.admin.action.php:28

actionadmin_print_stylesinc\admin\class.cf7-pdf-generation.admin.action.php:29

actionadmin_print_scriptsinc\admin\class.cf7-pdf-generation.admin.action.php:30

actionplugins_loadedinc\admin\class.cf7-pdf-generation.admin.action.php:104

filterplugin_action_linksinc\admin\class.cf7-pdf-generation.admin.filter.php:26

filterattachment_fields_to_editinc\admin\class.cf7-pdf-generation.admin.filter.php:27

actionplugins_loadedinc\admin\class.cf7-pdf-generation.admin.filter.php:66

actionplugins_loadedinc\admin\class.cf7-pdf-generation.admin.php:52

actionplugins_loadedinc\class.cf7-pdf-generation.php:37

actionadmin_initinc\class.cf7-pdf-generation.php:38

actionadmin_noticesinc\class.cf7-pdf-generation.php:52

actionwp_enqueue_scriptsinc\front\class.cf7-pdf-generation.front.action.php:24

actionwp_enqueue_scriptsinc\front\class.cf7-pdf-generation.front.action.php:25

actionwpcf7_before_send_mailinc\front\class.cf7-pdf-generation.front.action.php:26

actionplugins_loadedinc\front\class.cf7-pdf-generation.front.action.php:495

filterupload_mimesinc\front\class.cf7-pdf-generation.front.filter.php:23

actionplugins_loadedinc\front\class.cf7-pdf-generation.front.filter.php:56

actionplugins_loadedinc\front\class.cf7-pdf-generation.front.php:52

actionadmin_print_footer_scriptsinc\templates\cf7-pdf-generation.admin.html.php:561

Maintenance & Trust

Generate PDF using Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedSep 24, 2025

PHP min version5.6

Downloads117K

Community Trust

Rating94/100

Number of ratings38

Active installs4K

Alternatives

Generate PDF using Contact Form 7 Alternatives

Gravity PDF

gravity-forms-pdf-extended

100

Automatically generate, email and download PDF documents from Gravity Forms entries

20K 1 CVE

PDF Forms Filler for CF7

pdf-forms-for-contact-form-7

100

Build Contact Form 7 forms from PDF forms. Get PDFs auto-filled and attached to email messages and/or website responses on form submission.

3K No CVEs

Creative Mail – Easier WordPress & WooCommerce Email Marketing

creative-mail-by-constant-contact

Creative Mail was designed specifically for WordPress and WooCommerce. Our intelligent (and super fun) email editor simplifies email marketing campaig …

300K 3 CVEs

HTML Forms – Simple WordPress Forms Plugin

html-forms

A simpler, faster, and smarter WordPress forms plugin.

10K 9 CVEs

WPZOOM Forms – Drag & Drop Contact Form Builder for WordPress

wpzoom-forms

100

Drag & drop contact form builder for WordPress. Create contact forms, custom forms, email forms with spam protection. Works with Elementor, shortcodes

10K No CVEs

Developer Profile

Generate PDF using Contact Form 7 Developer Profile

ZealousWeb

18 plugins · 7K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

88 days

View full developer profile

Detection Fingerprints

How We Detect Generate PDF using Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/generate-pdf-using-contact-form-7/assets/css/cf7-pdf-generation-admin-min.css/wp-content/plugins/generate-pdf-using-contact-form-7/assets/css/cf7-pdf-generation-codemirror-min.css/wp-content/plugins/generate-pdf-using-contact-form-7/assets/css/cf7-pdf-generation-3024-night-min.css/wp-content/plugins/generate-pdf-using-contact-form-7/assets/css/cf7-pdf-jquery-ui-min.css/wp-content/plugins/generate-pdf-using-contact-form-7/assets/js/cf7-pdf-generation-codemirror-min.js/wp-content/plugins/generate-pdf-using-contact-form-7/assets/js/cf7-pdf-generation-codemirror-javascript-min.js/wp-content/plugins/generate-pdf-using-contact-form-7/assets/js/cf7-pdf-generation-admin-min.js/wp-content/plugins/generate-pdf-using-contact-form-7/assets/js/cf7-pdf-generation-admin-upload-script-min.js

Script Paths

assets/js/cf7-pdf-generation-codemirror-min.jsassets/js/cf7-pdf-generation-codemirror-javascript-min.jsassets/js/cf7-pdf-generation-admin-min.jsassets/js/cf7-pdf-generation-admin-upload-script-min.js

Version Parameters

cf7-pdf-generation-admin-min.css?ver=cf7-pdf-generation-codemirror-min.css?ver=cf7-pdf-generation-3024-night-min.css?ver=cf7-pdf-jquery-ui-min.css?ver=cf7-pdf-generation-codemirror-min.js?ver=cf7-pdf-generation-codemirror-javascript-min.js?ver=cf7-pdf-generation-admin-min.js?ver=cf7-pdf-generation-admin-upload-script-min.js?ver=

HTML / DOM Fingerprints

CSS Classes

cf7-pdf-settings

HTML Comments

+1 more

Data Attributes

data-cf7-pdf-form-iddata-cf7-pdf-titledata-cf7-pdf-filenamedata-cf7-pdf-orientationdata-cf7-pdf-pagesizedata-cf7-pdf-margin-top+7 more

JS Globals

cf7_pdf_generation_object

Shortcode Output

[cf7-pdf-form-generator]

FAQ