Integrate Razorpay for Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/integrate-razorpay-contact-form-7

Seamlessly integrates Razorpay with Contact Form 7

500 active installs v2.0.5 PHP 7.2+ WP 5.6+ Updated Feb 6, 2025
contact-form-7donationpaymentpaymentsrazorpay
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Integrate Razorpay for Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 92/100

Integrate Razorpay for Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "integrate-razorpay-contact-form-7" plugin version 2.0.5 exhibits a concerning security posture primarily due to its extensive unprotected attack surface. While the code shows good practices in avoiding dangerous functions, external requests, and file operations, the presence of 10 AJAX handlers without any authentication or capability checks is a significant risk. This means any authenticated user could potentially trigger these handlers, leading to unintended actions or information disclosure.

Taint analysis revealed flows with unsanitized paths, although they did not reach a critical or high severity. This indicates potential areas where input might not be sufficiently validated, which could be exploited in conjunction with other weaknesses. The absence of nonce checks on the AJAX handlers further exacerbates this risk, as it allows for cross-site request forgery (CSRF) attacks.

The plugin's vulnerability history is currently clean, with no recorded CVEs. This is a positive indicator of past development practices. However, the static analysis findings, particularly the unprotected AJAX endpoints and unsanitized paths, suggest that a proactive approach to security, including robust input validation and proper authorization checks, is crucial to maintain this good record.

Key Concerns

  • 10 AJAX handlers without auth checks
  • Flows with unsanitized paths (4)
  • 0 Nonce checks on AJAX handlers
  • SQL queries: 50% not using prepared statements
  • Output escaping: 13% not properly escaped
Vulnerabilities
None known

Integrate Razorpay for Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Integrate Razorpay for Contact Form 7 Release Timeline

v2.0.5Current
v2.0.4
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v1.0.9
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0
Code Analysis
Analyzed Mar 16, 2026

Integrate Razorpay for Contact Form 7 Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
1 prepared
Unescaped Output
7
46 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

50% prepared2 total queries

Output Escaping

87% escaped53 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

6 flows4 with unsanitized paths
cf7rzp_admin_tab (includes\admin\rzp_tab.php:23)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
10 unprotected

Integrate Razorpay for Contact Form 7 Attack Surface

Entry Points10
Unprotected10

AJAX Handlers 10

noprivwp_ajax_cf7rzp_get_payment_more_infoincludes\admin\functions.php:52
authwp_ajax_cf7rzp_get_payment_more_infoincludes\admin\functions.php:53
noprivwp_ajax_is_cf7rzp_activatedincludes\payments\functions.php:38
authwp_ajax_is_cf7rzp_activatedincludes\payments\functions.php:39
noprivwp_ajax_cf7rzp_create_orderincludes\payments\functions.php:162
authwp_ajax_cf7rzp_create_orderincludes\payments\functions.php:163
noprivwp_ajax_cf7rzp_verify_paymentincludes\payments\functions.php:218
authwp_ajax_cf7rzp_verify_paymentincludes\payments\functions.php:219
noprivwp_ajax_cf7rzp_update_payment_statusincludes\payments\functions.php:252
authwp_ajax_cf7rzp_update_payment_statusincludes\payments\functions.php:253
WordPress Hooks 19
actionadmin_enqueue_scriptsincludes\admin\enqueue.php:16
filtercf7rzp_admin_rzp_tabincludes\admin\functions.php:57
actionadmin_menuincludes\admin\functions.php:58
actioncf7rzp_admin_demo_rzp_settings_inincludes\admin\functions.php:392
actionadmin_menuincludes\admin\rzp_menu_links.php:10
filterwpcf7_editor_panelsincludes\admin\rzp_tab.php:21
actionwpcf7_after_saveincludes\admin\rzp_tab.php:70
actionwp_enqueue_scriptsincludes\enqueue.php:17
actioninitincludes\payments\cpt.php:7
actioninitincludes\payments\cpt.php:43
filtermanage_cf7rzp_payments_posts_columnsincludes\payments\cpt.php:97
actionmanage_cf7rzp_payments_posts_custom_columnincludes\payments\cpt.php:115
actionrestrict_manage_postsincludes\payments\cpt.php:158
actionparse_queryincludes\payments\cpt.php:191
filterviews_edit-cf7rzp_paymentsincludes\payments\cpt.php:216
filterpost_row_actionsincludes\payments\cpt.php:225
filterbulk_actions-edit-cf7rzp_paymentsincludes\payments\cpt.php:235
actionwp_footerincludes\payments\functions.php:262
actionadmin_noticesintegrate-razorpay-for-contact-form-7.php:78
Maintenance & Trust

Integrate Razorpay for Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedFeb 6, 2025
PHP min version7.2
Downloads9K

Community Trust

Rating100/100
Number of ratings2
Active installs500
Developer Profile

Integrate Razorpay for Contact Form 7 Developer Profile

vinaysaini30

1 plugin · 500 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Integrate Razorpay for Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/integrate-razorpay-contact-form-7/assets/css/styles.css/wp-content/plugins/integrate-razorpay-contact-form-7/assets/js/lib/sweetalert2.js/wp-content/plugins/integrate-razorpay-contact-form-7/assets/js/admin.js/wp-content/plugins/integrate-razorpay-contact-form-7/assets/js/main.js
Script Paths
https://checkout.razorpay.com/v1/checkout.js
Version Parameters
integrate-razorpay-contact-form-7/assets/css/styles.css?ver=integrate-razorpay-contact-form-7/assets/js/lib/sweetalert2.js?ver=integrate-razorpay-contact-form-7/assets/js/admin.js?ver=integrate-razorpay-contact-form-7/assets/js/main.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- default options --><!-- public includes --><!-- admin includes --><!-- give warning if contact form 7 is not active -->+5 more
JS Globals
ajax_object_cf7rzp
REST Endpoints
/wp-json/contact-form-7/v1/contact-forms
FAQ

Frequently Asked Questions about Integrate Razorpay for Contact Form 7