Does MultiLine Files for Contact Form 7 have any unpatched vulnerabilities?

No. All known vulnerabilities in MultiLine Files for Contact Form 7 have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is MultiLine Files for Contact Form 7 compatible with WordPress 6.9.4?

According to WordPress.org data, MultiLine Files for Contact Form 7 3.1.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is MultiLine Files for Contact Form 7 compatible with PHP 7.4+?

MultiLine Files for Contact Form 7 requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is MultiLine Files for Contact Form 7 updated?

MultiLine Files for Contact Form 7 was last updated on Dec 15, 2025. Frequent updates are generally a positive security signal.

What is MultiLine Files for Contact Form 7's security score?

MultiLine Files for Contact Form 7 has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

MultiLine Files for Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/multiline-files-for-contact-form-7

Upload unlimited files to Contact Form 7 with an intuitive interface, file management, and automatic ZIP compression for email delivery.

10K active installs v3.1.0 PHP 7.4+ WP 5.6+ Updated Dec 15, 2025

contact-form-7file-attachmentfile-uploaderform-pluginmultiple-file-upload

A · Safe

CVEs total1

Unpatched0

Last CVEOct 15, 2024

Plugin page Download

Safety Verdict

Is MultiLine Files for Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 99/100

MultiLine Files for Contact Form 7 has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Oct 15, 2024Updated 3mo ago

Risk Assessment

The 'multiline-files-for-contact-form-7' plugin, version 3.1.0, exhibits a generally strong security posture based on the static analysis. It effectively utilizes prepared statements for all SQL queries and includes nonce and capability checks for its entry points. The absence of taint analysis findings and critical or high severity code signals suggests a low risk of direct code execution or data compromise through common attack vectors. However, the plugin has a history of known vulnerabilities, including a medium severity issue in the past, and the static analysis indicates a moderate rate of unescaped output, which could present a cross-site scripting (XSS) risk if user-supplied data is displayed without proper sanitization. While the attack surface is small and currently unprotected entry points are zero, the presence of past vulnerabilities warrants vigilance, especially regarding output escaping.

Key Concerns

Moderate rate of unescaped output
History of known vulnerability (medium severity)

Vulnerabilities

MultiLine Files for Contact Form 7 Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-9891medium · 4.3Missing Authorization

Multiline files upload for contact form 7 <= 2.8.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Deactivation

Oct 15, 2024 Patched in 2.9 (1d)

Code Analysis

Analyzed Mar 16, 2026

MultiLine Files for Contact Form 7 Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

12 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

57% escaped21 total outputs

Attack Surface

MultiLine Files for Contact Form 7 Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 2

authwp_ajax_custom_plugin_deactivatemultiline-admin.php:544

authwp_ajax_deactive_plugin_without_feedbackmultiline-admin.php:576

WordPress Hooks 26

actionadmin_enqueue_scriptsmultiline-admin.php:9

actionadmin_enqueue_scriptsmultiline-admin.php:13

actionwpcf7_admin_initmultiline-admin.php:40

actionwpcf7_admin_noticesmultiline-admin.php:189

actionadmin_initmultiline-admin.php:213

actionadmin_noticesmultiline-admin.php:240

actionadmin_noticesmultiline-admin.php:271

actionadmin_noticesmultiline-admin.php:303

actionadmin_footermultiline-admin.php:472

actionadmin_noticesmultiline-admin.php:557

actionadmin_noticesmultiline-admin.php:567

actionadmin_noticesmultiline-files-upload-for-contact-form-7.php:36

actionadmin_initmultiline-files-upload-for-contact-form-7.php:64

actionadmin_noticesmultiline-files-upload-for-contact-form-7.php:76

actionwp_enqueue_scriptsmultiline-files-upload-for-contact-form-7.php:109

actionwp_enqueue_scriptsmultiline-files-upload-for-contact-form-7.php:114

actionwpcf7_initmultiline-files-upload-for-contact-form-7.php:121

filterwpcf7_form_enctypemultiline-files-upload-for-contact-form-7.php:227

actionwpcf7_before_send_mailmultiline-files-upload-for-contact-form-7.php:244

filterwpcf7_validate_multilinefilemultiline-files-upload-for-contact-form-7.php:319

filterwpcf7_validate_multilinefile*multiline-files-upload-for-contact-form-7.php:320

filterwpcf7_validate_multilinefilemultiline-files-upload-for-contact-form-7.php:322

filterwpcf7_validate_multilinefile*multiline-files-upload-for-contact-form-7.php:323

filterwpcf7_messagesmultiline-files-upload-for-contact-form-7.php:694

filterplugin_row_metamultiline-files-upload-for-contact-form-7.php:785

actionplugins_loadedmultiline-files-upload-for-contact-form-7.php:787

Maintenance & Trust

MultiLine Files for Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 15, 2025

PHP min version7.4

Downloads124K

Community Trust

Rating98/100

Number of ratings49

Active installs10K

Alternatives

MultiLine Files for Contact Form 7 Alternatives

AFA – Mobile-Ready Submission Manager

afa-submission-manager

AFA - Mobile-Ready Submission allows you to receive forms submissions directly on your phone with the "AFA Mobile App".

0 No CVEs

Sync Forms with Brilliant Directories

sync-forms-with-brilliant-directories

100

Easily sync WordPress form submissions to Brilliant Directories with the ‘Sync Forms with Brilliant Directories’ plugin. Automatically create Members …

0 No CVEs

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

wpforms-lite

The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.

6.0M 13 CVEs

Database Addon for Contact Form 7 – CFDB7

contact-form-cfdb7

Save and manage Contact Form 7 messages. Never lose important data. It is a lightweight contact form 7 database plugin.

600K 7 CVEs

Forminator Forms – Contact Form, Payment Form & Custom Form Builder

forminator

Best WordPress form builder plugin. Create contact forms, payment forms & order forms with 1000+ integrations.

600K 36 CVEs

Developer Profile

MultiLine Files for Contact Form 7 Developer Profile

Maulik Vora

5 plugins · 10K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

123 days

View full developer profile

Detection Fingerprints

How We Detect MultiLine Files for Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/multiline-files-for-contact-form-7/js/zl-multine-files.js/wp-content/plugins/multiline-files-for-contact-form-7/css/style.css

Script Paths

js/zl-multine-files.js

Version Parameters

multiline-files-for-contact-form-7/css/style.css?12

HTML / DOM Fingerprints

CSS Classes

mfcf7-zl-multiline-samplemfcf7-zl-multifile-namemfcf7_zl_delete_filemfcf7_zl_add_filezl-form-control-wrap

Data Attributes

id="mfcf7_zl_multifilecontainer"

JS Globals

window.jQuery

Shortcode Output

<a href="javascript:void(0);" class="mfcf7_zl_delete_file">❌

FAQ