Does Message Notification for Contact Form 7 have any unpatched vulnerabilities?

No. All known vulnerabilities in Message Notification for Contact Form 7 have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Message Notification for Contact Form 7 compatible with WordPress 5.9.13?

According to WordPress.org data, Message Notification for Contact Form 7 1.0 has been tested up to WordPress 5.9.13. Check the plugin's changelog for the latest compatibility information.

Is Message Notification for Contact Form 7 compatible with PHP 5.6+?

Message Notification for Contact Form 7 requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Message Notification for Contact Form 7 updated?

Message Notification for Contact Form 7 was last updated on May 17, 2022. Frequent updates are generally a positive security signal.

What is Message Notification for Contact Form 7's security score?

Message Notification for Contact Form 7 has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Message Notification for Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/message-notification-for-contact-form-7

Get a notification on WhatsApp instantly when someone submits the Contact Form 7(CF7). Database & Email not needed. 100% Free. No pro version.

10 active installs v1.0 PHP 5.6+ WP 4.6+ Updated May 17, 2022

cf7contact-form-7contact-form-7-notificationwhatsapp-notificationswhatso

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Message Notification for Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 85/100

Message Notification for Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The plugin 'message-notification-for-contact-form-7' v1.0 exhibits a strong security posture based on the provided static analysis. The absence of any identified dangerous functions, unsanitized paths in taint analysis, and the exclusive use of prepared statements for all SQL queries are significant strengths. Furthermore, the complete proper escaping of all output and the absence of file operations or external HTTP requests mitigate common attack vectors. The plugin also demonstrates good practices by including a nonce check, which helps prevent cross-site request forgery. However, the complete lack of capability checks on any entry points (AJAX, REST API, shortcodes, cron) is a notable concern. While the attack surface is reported as zero in terms of exposed handlers and routes, if any were present, they would be entirely unprotected. The history of zero known CVEs is positive, suggesting a history of secure development, but the lack of capability checks leaves potential vulnerabilities unaddressed should new entry points be introduced or become active.

Key Concerns

No capability checks on entry points

Vulnerabilities

None known

Message Notification for Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Message Notification for Contact Form 7 Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

82 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared4 total queries

Output Escaping

100% escaped82 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

<message-notification-for-contact-form-7-admin-display> (admin\partials\message-notification-for-contact-form-7-admin-display.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Message Notification for Contact Form 7 Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 7

actionplugins_loadedincludes\class-message-notification-for-contact-form-7.php:144

actionadmin_enqueue_scriptsincludes\class-message-notification-for-contact-form-7.php:159

actionadmin_enqueue_scriptsincludes\class-message-notification-for-contact-form-7.php:160

actionadmin_menuincludes\class-message-notification-for-contact-form-7.php:162

actionwhatso_user_credentialsincludes\class-message-notification-for-contact-form-7.php:164

filteradmin_footer_textincludes\class-message-notification-for-contact-form-7.php:165

filterwpcf7_before_send_mailincludes\class-message-notification-for-contact-form-7.php:386

Maintenance & Trust

Message Notification for Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13

Last updatedMay 17, 2022

PHP min version5.6

Downloads944

Community Trust

Rating20/100

Number of ratings1

Active installs10

Alternatives

Message Notification for Contact Form 7 Alternatives

Database Addon for Contact Form 7 – CFDB7

contact-form-cfdb7

Save and manage Contact Form 7 messages. Never lose important data. It is a lightweight contact form 7 database plugin.

600K 7 CVEs

Redirection for Contact Form 7

wpcf7-redirect

Redirect to any page or URL, execute scripts after submission, save data to the database, and unlock additional submission actions for Contact Form 7.

200K 14 CVEs

Advanced Contact form 7 DB

advanced-cf7-db

Save all contact form 7 form submitted data to the database, View, Ordering, Change field labels and Import/Export data using CSV.

70K 6 CVEs

Connect Contact Form 7 and Mailchimp

contact-form-7-mailchimp-extension

Connect Contact Form 7 to Mailchimp. Automatically sync form submissions to your Mailchimp audiences with merge field mapping, double opt-in, and opt- …

50K 3 CVEs

Contact Form 7 Multi-Step Forms

contact-form-7-multi-step-module

Enables the Contact Form 7 plugin to create multi-page, multi-step forms.

50K 1 CVE

Developer Profile

Message Notification for Contact Form 7 Developer Profile

WhatsOn

2 plugins · 110 total installs

trust score

Avg Security Score

89/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Message Notification for Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/message-notification-for-contact-form-7/admin/css/message-notification-for-contact-form-7-admin.css/wp-content/plugins/message-notification-for-contact-form-7/admin/css/bootstrap.min.css/wp-content/plugins/message-notification-for-contact-form-7/admin/js/message-notification-for-contact-form-7-admin.js/wp-content/plugins/message-notification-for-contact-form-7/admin/js/bootstrap.min.js/wp-content/plugins/message-notification-for-contact-form-7/admin/js/bootstrap.bundle.min.js

Script Paths

/wp-content/plugins/message-notification-for-contact-form-7/admin/js/message-notification-for-contact-form-7-admin.js/wp-content/plugins/message-notification-for-contact-form-7/admin/js/bootstrap.min.js/wp-content/plugins/message-notification-for-contact-form-7/admin/js/bootstrap.bundle.min.js

Version Parameters

message-notification-for-contact-form-7-admin.css?ver=bootstrap.min.css?ver=message-notification-for-contact-form-7-admin.js?ver=bootstrap.min.js?ver=bootstrap.bundle.min.js?ver=

HTML / DOM Fingerprints

FAQ