Does Math Captcha for Contact Form 7 have any unpatched vulnerabilities?

No. All known vulnerabilities in Math Captcha for Contact Form 7 have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Math Captcha for Contact Form 7 compatible with WordPress 6.9.4?

According to WordPress.org data, Math Captcha for Contact Form 7 1.0.5 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Math Captcha for Contact Form 7 compatible with PHP 7.4+?

Math Captcha for Contact Form 7 requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Math Captcha for Contact Form 7 updated?

Math Captcha for Contact Form 7 was last updated on Feb 20, 2026. Frequent updates are generally a positive security signal.

What is Math Captcha for Contact Form 7's security score?

Math Captcha for Contact Form 7 has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Math Captcha for Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/math-captcha-for-contact-form-7

A powerful, lightweight, and smart Math Captcha solution to block spam from Contact Form 7, WP Login, WooCommerce, and Tutor LMS forms.

100 active installs v1.0.5 PHP 7.4+ WP 5.8+ Updated Feb 20, 2026

captchacontact-form-7spam-protectiontutor-lmswoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Math Captcha for Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 100/100

Math Captcha for Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "math-captcha-for-contact-form-7" plugin v1.0.5 exhibits a strong security posture based on the provided static analysis. The absence of direct attack surface entry points like AJAX handlers, REST API routes, shortcodes, and cron events is a significant strength. Furthermore, the code demonstrates good security practices by utilizing prepared statements for all SQL queries and performing a high percentage of output escaping. The presence of nonce checks further indicates a thoughtful approach to preventing common WordPress vulnerabilities.

The taint analysis revealing zero flows with unsanitized paths, and the vulnerability history showing no known CVEs, are excellent indicators of the plugin's current security. This suggests that the developers have likely addressed any past security concerns or have maintained a clean codebase from the outset. The plugin's lack of file operations and external HTTP requests also reduces its potential attack surface.

Overall, the plugin appears to be very secure. The strengths heavily outweigh any potential minor concerns. The absence of critical or high-severity issues in both static analysis and historical data, coupled with good coding practices, makes this plugin a low-risk addition to a WordPress site.

Key Concerns

No critical or high severity taint flows
No SQL queries without prepared statements
High percentage of properly escaped output
No known CVEs
No direct attack surface entry points
Nonce checks present
No capability checks detected
Minor percentage of unescaped output

Vulnerabilities

None known

Math Captcha for Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Math Captcha for Contact Form 7 Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

40 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

91% escaped44 total outputs

Attack Surface

Math Captcha for Contact Form 7 Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 17

actionwpcf7_initincludes\class-math-captcha-for-contact-form-7.php:18

filterwpcf7_validate_mathcaptcha*includes\class-math-captcha-for-contact-form-7.php:19

filterwpcf7_validate_mathcaptchaincludes\class-math-captcha-for-contact-form-7.php:20

actionwpcf7_admin_initincludes\class-math-captcha-for-contact-form-7.php:23

actionlogin_formincludes\class-math-captcha-for-contact-form-7.php:28

filterauthenticateincludes\class-math-captcha-for-contact-form-7.php:29

actionwoocommerce_login_formincludes\class-math-captcha-for-contact-form-7.php:32

filterwoocommerce_process_login_errorsincludes\class-math-captcha-for-contact-form-7.php:33

actionwoocommerce_register_formincludes\class-math-captcha-for-contact-form-7.php:34

filterwoocommerce_process_registration_errorsincludes\class-math-captcha-for-contact-form-7.php:35

actiontutor_login_form_endincludes\class-math-captcha-for-contact-form-7.php:38

filtertutor_process_login_errorsincludes\class-math-captcha-for-contact-form-7.php:39

actiontutor_student_registration_form_endincludes\class-math-captcha-for-contact-form-7.php:40

filtertutor_student_registration_errorsincludes\class-math-captcha-for-contact-form-7.php:41

filterwpcf7_contact_form_propertiesincludes\class-math-captcha-for-contact-form-7.php:44

actionadmin_menuincludes\class-math-captcha-settings.php:17

actionadmin_initincludes\class-math-captcha-settings.php:18

Maintenance & Trust

Math Captcha for Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 20, 2026

PHP min version7.4

Downloads677

Community Trust

Rating100/100

Number of ratings3

Active installs100

Alternatives

Math Captcha for Contact Form 7 Alternatives

Contact Form 7 Captcha

contact-form-7-simple-recaptcha

Protect your Contact Form 7 forms with Google reCAPTCHA V2, Google reCAPTCHA V3, hCAPTCHA, or Cloudflare Turnstile.

100K 2 CVEs

Invisible reCaptcha for WordPress

invisible-recaptcha

Invisible reCaptcha for WordPress plugin helps you to protect your sites against bad spam bots using the new Invisible reCaptcha by Google.

90K No CVEs

Captcha by BestWebSoft – Advanced Spam Protection, Math & OCR-Friendly Captcha for Site Forms

captcha-bws

1 The Ultimate Spam Protection Plugin Using Captcha for WordPress Forms.

10K 2 CVEs

SilentShield – Captcha & Anti-Spam for WordPress (CF7, WPForms, Elementor, WooCommerce)

captcha-for-contact-form-7

100

SilentShield – the invisible shield against spam. Spam is the weed of the internet. It clogs your forms, steals your time, and corrupts your data.

10K 1 CVE

$WP Advanced Math Captcha$

WP Advanced Math Captcha

wp-advanced-math-captcha

100

Protect your WordPress site with a powerful and user-friendly Math Captcha. Now with seamless WooCommerce, WPForms, and Formidable Forms integration!

7K No CVEs

Developer Profile

Math Captcha for Contact Form 7 Developer Profile

Shohidul Islam Apu

1 plugin · 100 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Math Captcha for Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/math-captcha-for-contact-form-7/math-captcha.js/wp-content/plugins/math-captcha-for-contact-form-7/math-captcha.css

Script Paths

/wp-content/plugins/math-captcha-for-contact-form-7/math-captcha.js

Version Parameters

math-captcha-for-contact-form-7/math-captcha.js?ver=math-captcha-for-contact-form-7/math-captcha.css?ver=

HTML / DOM Fingerprints

CSS Classes

wpcf7-form-control-wrapmath-captcha-message

Data Attributes

data-name

JS Globals

MathCaptchaAjax

FAQ