WP-Safety

Maps for Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/map-contact-form-7

Addon of the contact form 7 that adds place field. The places submitted are overlooked by shortcode( 'maps-for-contact-form-7' ).

0 active installs v1.0.2 PHP 7.0+ WP 5.7.2+ Updated Jun 5, 2021
cf7contact-form-7google-map
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Maps for Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 85/100

Maps for Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The "map-contact-form-7" plugin v1.0.2 exhibits a mixed security posture. On the positive side, it utilizes prepared statements for its sole SQL query and demonstrates a reasonable percentage of properly escaped output. The absence of reported vulnerabilities in its history is also a good indicator of past security consciousness. However, significant concerns arise from its attack surface. A total of 5 entry points are identified, with a worrying 4 of them lacking authentication checks. This means that nearly all of the plugin's interactive features are potentially accessible to unauthenticated users, creating a broad attack vector. While the taint analysis did not reveal critical or high severity unsanitized paths, the presence of 2 flows with unsanitized paths warrants attention, especially in conjunction with the unprotected AJAX handlers.

Key Concerns

  • 4 unprotected AJAX handlers
  • 2 flows with unsanitized paths
  • No capability checks on entry points
Vulnerabilities
None known

Maps for Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Maps for Contact Form 7 Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
1 prepared
Unescaped Output
10
18 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared1 total queries

Output Escaping

64% escaped28 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
list_page (admin\includes\menu_page.php:26)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Maps for Contact Form 7 Attack Surface

Entry Points5
Unprotected4

AJAX Handlers 4

authwp_ajax_getmarkerinfosincludes\shortcode.php:15
noprivwp_ajax_getmarkerinfosincludes\shortcode.php:16
authwp_ajax_getrankincludes\shortcode.php:17
noprivwp_ajax_getrankincludes\shortcode.php:18

Shortcodes 1

[maps-for-contact-form-7] load.php:51
WordPress Hooks 14
actionadmin_initadmin\admin.php:7
actionadmin_menuadmin\admin.php:16
actionadmin_enqueue_scriptsadmin\admin.php:28
filtermap_meta_capincludes\capabilities.php:3
actionwpcf7_submitincludes\contact-form.php:24
actionwp_enqueue_scriptsincludes\controller.php:6
actionscript_loader_tagincludes\controller.php:31
actionplugins_loadedload.php:47
actioninitload.php:59
filterpre_update_option_active_pluginsload.php:83
actionwpcf7_initmodules\place.php:8
filterwpcf7_validate_placemodules\place.php:246
filterwpcf7_validate_place*modules\place.php:248
actionwpcf7_admin_initmodules\place.php:268
Maintenance & Trust

Maps for Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15
Last updatedJun 5, 2021
PHP min version7.0
Downloads827

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Maps for Contact Form 7 Alternatives

Database Addon for Contact Form 7 – CFDB7

Database Addon for Contact Form 7 – CFDB7

contact-form-cfdb7

A
90

Save and manage Contact Form 7 messages. Never lose important data. It is a lightweight contact form 7 database plugin.

600K 7 CVEs
Redirection for Contact Form 7

Redirection for Contact Form 7

wpcf7-redirect

A
88

Redirect to any page or URL, execute scripts after submission, save data to the database, and unlock additional submission actions for Contact Form 7.

200K 14 CVEs
Advanced Contact form 7 DB

Advanced Contact form 7 DB

advanced-cf7-db

B
83

Save all contact form 7 form submitted data to the database, View, Ordering, Change field labels and Import/Export data using CSV.

70K 6 CVEs
Connect Contact Form 7 and Mailchimp

Connect Contact Form 7 and Mailchimp

contact-form-7-mailchimp-extension

A
96

Connect Contact Form 7 to Mailchimp. Automatically sync form submissions to your Mailchimp audiences with merge field mapping, double opt-in, and opt- …

50K 3 CVEs
Contact Form 7 Multi-Step Forms

Contact Form 7 Multi-Step Forms

contact-form-7-multi-step-module

A
99

Enables the Contact Form 7 plugin to create multi-page, multi-step forms.

50K 1 CVE
Developer Profile

Maps for Contact Form 7 Developer Profile

tanakayasuo

1 plugin · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Maps for Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/map-contact-form-7/admin/css/styles.css/wp-content/plugins/map-contact-form-7/includes/js/maps.js/wp-content/plugins/map-contact-form-7/includes/css/styles.css
Script Paths
/wp-content/plugins/map-contact-form-7/includes/js/maps.js
Version Parameters
map-contact-form-7/admin/css/styles.css?ver=map-contact-form-7/includes/js/maps.js?ver=map-contact-form-7/includes/css/styles.css?ver=

HTML / DOM Fingerprints

CSS Classes
maps-for-cf7-place
JS Globals
mapsForContactForm7Shortcode
Shortcode Output
[place][place*]
FAQ

Frequently Asked Questions about Maps for Contact Form 7