NAAS Contact Form 7 Redirect Security & Risk Analysis

wordpress.org/plugins/naas-contact-form-7-redirect

The ultimate add-on for Contact Form 7 – redirect to any page you choose or any external link after the form submits successfully.

0 active installs v1.0.1 PHP 5.5+ WP 4.9+ Updated Apr 6, 2021
contact-form-7contact-form-7-extensioncontact-form-thank-youthank-you-page-redirection
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is NAAS Contact Form 7 Redirect Safe to Use in 2026?

Generally Safe

Score 85/100

NAAS Contact Form 7 Redirect has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The "naas-contact-form-7-redirect" plugin version 1.0.1 exhibits a concerning security posture, primarily due to its unprotected entry points. While the code analysis reveals no dangerous functions, SQL injection vulnerabilities (all queries are prepared), or file operations, and there's a high percentage of properly escaped output, the presence of two AJAX handlers without any authentication or capability checks represents a significant risk. This lack of authorization means that any authenticated user could potentially trigger these AJAX actions, leading to unintended consequences or further exploitation if these handlers are not properly secured within their own logic.

The plugin's vulnerability history is clean, with no recorded CVEs. This is a positive sign, suggesting that the plugin has been historically well-maintained or has not attracted significant security attention. However, the absence of historical vulnerabilities does not mitigate the immediate risks identified in the static analysis. The lack of taint analysis results also makes it difficult to assess potential issues related to data flow and sanitization for more complex attack vectors.

In conclusion, while the plugin benefits from a clean vulnerability record and secure SQL handling, the unprotected AJAX endpoints present a critical weakness. The overall security is significantly compromised by these exposed entry points. Developers should prioritize implementing proper authentication and authorization checks on these AJAX handlers to address the immediate security concerns and improve the plugin's overall robustness.

Key Concerns

  • AJAX handlers without auth checks
  • Large attack surface without auth
  • No nonce checks on AJAX
  • Low number of entry points analyzed
Vulnerabilities
None known

NAAS Contact Form 7 Redirect Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

NAAS Contact Form 7 Redirect Release Timeline

v1.0.1Current
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

NAAS Contact Form 7 Redirect Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
16 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

89% escaped18 total outputs
Attack Surface
2 unprotected

NAAS Contact Form 7 Redirect Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_naas_contact_form_7_redirect_get_form_pageincludes/library/redirect.php:46
noprivwp_ajax_naas_contact_form_7_redirect_get_form_pageincludes/library/redirect.php:47
WordPress Hooks 6
actionadmin_enqueue_scriptsincludes/enqueue.php:17
actionwp_enqueue_scriptsincludes/enqueue.php:38
filterwpcf7_editor_panelsincludes/helper/contact_tabs.php:21
actionwpcf7_after_saveincludes/helper/contact_tabs.php:109
actionadmin_noticesincludes/notices.php:20
actionadmin_noticesnaas-contact-form-7-redirect.php:71
Maintenance & Trust

NAAS Contact Form 7 Redirect Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15
Last updatedApr 6, 2021
PHP min version5.5
Downloads942

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

NAAS Contact Form 7 Redirect Developer Profile

NAAS Digital

1 plugin · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect NAAS Contact Form 7 Redirect

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/naas-contact-form-7-redirect/assets/css/admin.css/wp-content/plugins/naas-contact-form-7-redirect/assets/js/admin.js/wp-content/plugins/naas-contact-form-7-redirect/assets/css/client.css/wp-content/plugins/naas-contact-form-7-redirect/assets/js/client.js/wp-content/plugins/naas-contact-form-7-redirect/assets/js/naas_redirect_method.js
Version Parameters
naas_contact_form_7_redirect-admin-cssnaas_contact_form_7_redirect-adminnaas_contact_form_7_redirect-client-cssnaas_contact_form_7_redirect-clientnaas_contact_form_7_redirect-redirect_method

HTML / DOM Fingerprints

CSS Classes
naas_contact_form_7_redirect_tabs_table_mainnaas_contact_form_7_redirect_tabs_table_title_widthnaas_contact_form_7_redirect_tabs_table_body_widthnaas_contact_form_7_redirect_select_dropdownnaas_contact_form_7_redirect_urlnaas_contact_form_7_redirect_redirect_optionnaas_contact_form_7_redirect_thank
Data Attributes
naas_contact_form_7_redirect_enablenaas_contact_form_7_redirect_redirect_typenaas_contact_form_7_redirect_urlnaas_contact_form_7_redirect_tabnaas_contact_form_7_redirect_page
JS Globals
naas_contact_form_7_redirect_ajax_object
FAQ

Frequently Asked Questions about NAAS Contact Form 7 Redirect