Message Popup For Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/message-popup-for-contact-form-7

Message Popup For Contact Form 7 to make the best way to set up popup on success and failed messages. After submitting form Open Popup in contact form …

1K active installs · v1.0 · PHP + · WP 5.5+ · Updated May 12, 2025
contact-form-7, message-popup-for-contact-form-7
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Message Popup For Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 100/100

Message Popup For Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10mo ago
Risk Assessment

The static analysis of "message-popup-for-contact-form-7" v1.0 indicates a generally good security posture. The plugin exhibits a small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that could be exploited. The code also demonstrates good practices regarding SQL queries, utilizing prepared statements exclusively. File operations and external HTTP requests are absent, reducing potential attack vectors. However, a notable concern is the absence of nonce checks and capability checks, which are crucial for securing entry points and preventing unauthorized actions. While the taint analysis revealed no critical or high severity flows with unsanitized paths, and the vulnerability history is clean, the lack of these fundamental security mechanisms presents a significant weakness. The high percentage of properly escaped output (77%) is positive, but the remaining 23% could still pose a risk if exposed to user-controlled data. In conclusion, the plugin has strengths in its limited attack surface and secure data handling for SQL, but the complete lack of nonce and capability checks is a serious oversight that leaves it vulnerable to certain types of attacks. Future versions should prioritize implementing these essential security features.

Key Concerns

  • Missing nonce checks
  • Missing capability checks
  • Unescaped output (23%)
Vulnerabilities
None known

Message Popup For Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Message Popup For Contact Form 7 Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 26 (87 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

77% escaped · 113 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
MPFCF7_panel_callback (includes\admin.php:12)
Attack Surface

Message Popup For Contact Form 7 Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 6
  • action wpcf7_editor_panels (includes\admin.php:2)
  • action wpcf7_after_save (includes\admin.php:423)
  • action wp_footer (includes\admin.php:534)
  • action admin_footer (includes\admin.php:546)
  • action admin_enqueue_scripts (message-popup-for-contact-form-7.php:41)
  • action wp_enqueue_scripts (message-popup-for-contact-form-7.php:74)
Maintenance & Trust

Message Popup For Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: May 12, 2025
PHP min version
Downloads: 8K

Community Trust

Rating: 86/100
Number of ratings: 3
Active installs: 1K
Developer Profile

Message Popup For Contact Form 7 Developer Profile

howdytheme

18 plugins · 5K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Message Popup For Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/message-popup-for-contact-form-7/public/js/coloris.min.js
  • /wp-content/plugins/message-popup-for-contact-form-7/admin/js/design.js
  • /wp-content/plugins/message-popup-for-contact-form-7/public/css/coloris.min.css
  • /wp-content/plugins/message-popup-for-contact-form-7/public/js/sweetalert.min.js
  • /wp-content/plugins/message-popup-for-contact-form-7/public/js/design.js
  • /wp-content/plugins/message-popup-for-contact-form-7/public/css/sweetalert.css
Script Paths
  • /wp-content/plugins/message-popup-for-contact-form-7/public/js/coloris.min.js
  • /wp-content/plugins/message-popup-for-contact-form-7/admin/js/design.js
  • /wp-content/plugins/message-popup-for-contact-form-7/public/js/sweetalert.min.js
  • /wp-content/plugins/message-popup-for-contact-form-7/public/js/design.js
Version Parameters
  • message-popup-for-contact-form-7/public/js/coloris.min.js?ver=
  • message-popup-for-contact-form-7/admin/js/design.js?ver=
  • message-popup-for-contact-form-7/public/css/coloris.min.css?ver=
  • message-popup-for-contact-form-7/public/js/sweetalert.min.js?ver=
  • message-popup-for-contact-form-7/public/js/design.js?ver=
  • message-popup-for-contact-form-7/public/css/sweetalert.css?ver=

HTML / DOM Fingerprints

CSS Classes
mpfcf7_color
Data Attributes
mpfcf7_popup_success_enabled, mpfcf7_btn_text, mpfcf7_popup_width, mpfcf7_popup_border_radious, mpfcf7_background_overlay, mpfcf7_background_color, +7 more
JS Globals
popup_message