Does Newsletter for Contact Form 7 have any unpatched vulnerabilities?

No. All known vulnerabilities in Newsletter for Contact Form 7 have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Newsletter for Contact Form 7 compatible with WordPress 4.9.29?

According to WordPress.org data, Newsletter for Contact Form 7 1.27.1 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is Newsletter for Contact Form 7 updated?

Newsletter for Contact Form 7 was last updated on Apr 27, 2018. Frequent updates are generally a positive security signal.

What is Newsletter for Contact Form 7's security score?

Newsletter for Contact Form 7 has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Newsletter for Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/newsletter-for-contact-form-7

List building, create, send and track e-mails for Contact Form 7

10 active installs v1.27.1 PHP + WP 4.4+ Updated Apr 27, 2018

cf7cf7-databasecf7-newslettercf7-storagecontact-form-7

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Newsletter for Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 85/100

Newsletter for Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The "newsletter-for-contact-form-7" plugin v1.27.1 presents a generally favorable security posture with no known vulnerabilities and a clean vulnerability history. The static analysis indicates a small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events, and importantly, no unprotected entry points. The code also avoids dangerous functions, file operations, and external HTTP requests.

However, there are areas for improvement. The single SQL query identified is not using prepared statements, which presents a potential risk of SQL injection if the input involved in the query is not strictly sanitized at a later stage. Furthermore, the taint analysis revealed two flows with unsanitized paths. While these did not escalate to critical or high severity vulnerabilities in this analysis, they represent potential vectors for issues if they interact with the raw SQL query or are exposed in unescaped output.

Overall, the plugin is well-architected in terms of access control and avoids common pitfalls. The absence of vulnerabilities is a strong positive indicator. The key concerns lie within the handling of the SQL query and the identified unsanitized taint flows, which, despite not being critical here, warrant attention for future development to ensure robust security.

Key Concerns

SQL queries not using prepared statements
Taint flow with unsanitized paths
Taint flow with unsanitized paths

Vulnerabilities

None known

Newsletter for Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Newsletter for Contact Form 7 Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared1 total queries

Output Escaping

67% escaped3 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

azm_cf7_wp_loaded (azh_cf7_newsletter.php:211)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Newsletter for Contact Form 7 Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 8

actionplugins_loadedazh_cf7_newsletter.php:12

actionadmin_noticesazh_cf7_newsletter.php:18

actioninitazh_cf7_newsletter.php:27

filterdefault_hidden_meta_boxesazh_cf7_newsletter.php:58

filterazr_formsazh_cf7_newsletter.php:105

actionwpcf7_before_send_mailazh_cf7_newsletter.php:162

actionadmin_enqueue_scriptsazh_cf7_newsletter.php:193

actionwp_loadedazh_cf7_newsletter.php:209

Maintenance & Trust

Newsletter for Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedApr 27, 2018

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Newsletter for Contact Form 7 Alternatives

Database Addon for Contact Form 7 – CFDB7

contact-form-cfdb7

Save and manage Contact Form 7 messages. Never lose important data. It is a lightweight contact form 7 database plugin.

600K 7 CVEs

Database for CF7

database-for-cf7

Save CF7 submitted form informations into your WordPress database.

2K 1 CVE

WPSyncSheets For Contact Form 7 – CF7 Google Sheets Connector & Save to Database

contactsheets-lite

100

Connect Contact Form 7 submissions to Google Sheets to sync your form entries and save all cf7 forms submitted data to the database.

400 No CVEs

PeproDev CF7 SMS Notifier

pepro-cf7-sms-notifier

Send notifications to User and Admins upon Contact Form 7 Submission

20 No CVEs

BCodeCraft Submissions for Contact Form 7

bcodecraft-submissions-cf7

100

Secure storage and management of Contact Form 7 submissions with advanced security features. Never lose a lead again!

0 No CVEs

Developer Profile

Newsletter for Contact Form 7 Developer Profile

azexo

9 plugins · 130 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Newsletter for Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/newsletter-for-contact-form-7/js/admin.js

Script Paths

js/admin.js

Version Parameters

azm_cf7_admin

HTML / DOM Fingerprints

CSS Classes

azm-cf7-admin-notice

Data Attributes

data-azm-cf7-id

JS Globals

azm_cf7

FAQ