WP-Safety

PDF for Contact Form 7 + Drag and Drop Template Builder Security & Risk Analysis

wordpress.org/plugins/pdf-for-contact-form-7

The plugin helps you create PDF for contact form 7 you can builder template pdf

500 active installs v6.5.1 PHP 5.6+ WP 2.0+ Updated Feb 13, 2026
contact-form-7-pdfcontact-form-pdfpdf-cf7pdf-contact-formpdf-contact-form-7
96
A · Safe
CVEs total2
Unpatched0
Last CVEDec 11, 2025
Plugin page Download
Safety Verdict

Is PDF for Contact Form 7 + Drag and Drop Template Builder Safe to Use in 2026?

Generally Safe

Score 96/100

PDF for Contact Form 7 + Drag and Drop Template Builder has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Dec 11, 2025Updated 1mo ago
Risk Assessment

The "pdf-for-contact-form-7" plugin, version 6.5.1, exhibits a mixed security posture. While it demonstrates good practices with 100% prepared statements for SQL queries and a high percentage of properly escaped outputs, there are areas of concern. The presence of one AJAX handler without authentication checks represents a significant entry point that attackers could potentially exploit to manipulate plugin functionality. Furthermore, the plugin's vulnerability history reveals a pattern of concerning vulnerability types, including "Missing Authorization" and "Deserialization of Untrusted Data," with a past high-severity vulnerability. Although there are currently no unpatched vulnerabilities, this historical pattern suggests a tendency for the plugin to develop security flaws in these critical areas.

The static analysis shows a relatively large attack surface with 14 entry points, with one being unprotected. The plugin also utilizes bundled libraries, TinyMCE and TCPDF, which could introduce risks if they are not kept up-to-date or have known vulnerabilities. Despite the positive indicators like strong SQL and output sanitization, the unprotected AJAX handler and the historical vulnerability trends necessitate caution. The plugin's strengths lie in its careful handling of database operations and output, but its weaknesses are concentrated in authentication and authorization mechanisms, and its past vulnerability patterns indicate a need for more rigorous security auditing.

Key Concerns

  • Unprotected AJAX handler found
  • Past high-severity vulnerability recorded
  • Bundled libraries (potential outdated dependencies)
Vulnerabilities
2

PDF for Contact Form 7 + Drag and Drop Template Builder Security Vulnerabilities

CVEs by Year

2 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

High
1
Medium
1

2 total CVEs

CVE-2025-14074medium · 5.3Missing Authorization

PDF for Contact Form 7 + Drag and Drop Template Builder <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication

Dec 11, 2025 Patched in 6.3.4 (1d)
CVE-2025-60081high · 7.5Deserialization of Untrusted Data

PDF for Contact Form 7 <= 6.5.0 - Authenticated (Subscriber+) PHP Object Injection

Aug 23, 2025 Patched in 6.5.1 (161d)
Code Analysis
Analyzed Mar 16, 2026

PDF for Contact Form 7 + Drag and Drop Template Builder Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
4 prepared
Unescaped Output
13
302 escaped
Nonce Checks
10
Capability Checks
5
File Operations
5
External Requests
6
Bundled Libraries
2

Bundled Libraries

TinyMCETCPDF

SQL Query Safety

100% prepared4 total queries

Output Escaping

96% escaped315 total outputs
Data Flows
All sanitized

Data Flow Analysis

6 flows
yeepdf_import_template (backend\ajax.php:15)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

PDF for Contact Form 7 + Drag and Drop Template Builder Attack Surface

Entry Points14
Unprotected1

AJAX Handlers 8

authwp_ajax_yeepdf_builder_textbackend\ajax.php:8
authwp_ajax_yeepdf_builder_export_htmlbackend\ajax.php:9
authwp_ajax_pdf_reset_templatebackend\ajax.php:10
authwp_ajax_yeepdf_import_templatebackend\ajax.php:11
authwp_ajax_yeepdf_remove_fontbackend\settings.php:10
authwp_ajax_yeepdf_dropbox_client_id_validatebackend\settings.php:13
authwp_ajax_yeepdf_cf7_get_entriescontact-form-7\index.php:25
authwp_ajax_yeekit_dismiss_notyyeekit\document.php:13

Shortcodes 6

[yeepdf_barcode] backend\shortcode.php:5
[yeepdf_barcode_new] backend\shortcode.php:6
[yeepdf_qrcode] backend\shortcode.php:7
[yeepdf_qrcode_new] backend\shortcode.php:8
[pdf_download] backend\shortcode.php:9
[pdf_download_cf7] contact-form-7\index.php:20
WordPress Hooks 102
actionadmin_initbackend\ajax.php:12
actionadd_meta_boxesbackend\ajax.php:13
actionbuilder_yeepdfsbackend\demo\templates_demo.php:5
actionyeepdf_builder_block_formsbackend\forms\checkbox.php:5
filteryeepdf_builder_block_htmlbackend\forms\checkbox.php:6
actionyeepdf_builder_tab_block_addonsbackend\forms\index.php:5
actionyeepdf_builder_block_formsbackend\forms\index.php:6
filteryeepdf_builder_block_htmlbackend\forms\index.php:7
actionyeepdf_builder_tab__editor_beforebackend\forms\index.php:8
actionyeepdf_builder_block_formsbackend\forms\radio.php:5
filteryeepdf_builder_block_htmlbackend\forms\radio.php:6
actionyeepdf_builder_block_formsbackend\forms\select.php:5
filteryeepdf_builder_block_htmlbackend\forms\select.php:6
actionyeepdf_builder_block_formsbackend\forms\textarea.php:5
filteryeepdf_builder_block_htmlbackend\forms\textarea.php:6
actionadmin_enqueue_scriptsbackend\index.php:8
actionadmin_headbackend\index.php:9
actioninitbackend\index.php:10
actionadd_meta_boxesbackend\index.php:11
filterget_sample_permalink_htmlbackend\index.php:12
actionsave_post_yeepdfbackend\index.php:13
filteradmin_body_classbackend\index.php:14
actionadmin_footerbackend\index.php:15
filterpost_row_actionsbackend\index.php:16
actionyeepdf_builder_tab__editor_beforebackend\index.php:17
actionyeepdf_header_settingsbackend\index.php:18
actionyeepdf_footer_settingsbackend\index.php:19
actionyeepdf_watermark_text_settingsbackend\index.php:20
actionyeepdf_watermark_img_settingsbackend\index.php:21
actionadmin_menubackend\settings.php:9
actionyeepdf_custom_sizesbackend\settings.php:11
actionadmin_initbackend\settings.php:12
actionyeepdf_after_settingsbackend\settings.php:14
filterupload_mimesbackend\settings.php:15
actionadmin_noticesbackend\settings.php:152
actionadmin_initbackend\settings.php:296
actionadmin_footerbackend\setup.php:5
filteryeepdf_builder_shortcodebackend\shortcode.php:24
filteryeepdf_builder_block_htmlbackend\templates\barcode_qrcode.php:6
actionyeepdf_builder_blockbackend\templates\barcode_qrcode.php:7
actionyeepdf_builder_tab_block_addonsbackend\templates\block_templates.php:3
actionyeepdf_builder_blockbackend\templates\breakpoint.php:3
filteryeepdf_builder_block_htmlbackend\templates\breakpoint.php:14
filteryeepdf_builder_block_htmlbackend\templates\button.php:14
actionyeepdf_builder_blockbackend\templates\divider.php:3
filteryeepdf_builder_block_htmlbackend\templates\divider.php:14
actionyeepdf_builder_tab__editorbackend\templates\editor.php:6
actionyeepdf_condition_settingsbackend\templates\editor.php:7
actionyeepdf_builder_tab_block_templatebackend\templates\image-box.php:3
filteryeepdf_builder_block_htmlbackend\templates\image-box.php:14
actionyeepdf_builder_tab_block_templatebackend\templates\image-list.php:3
filteryeepdf_builder_block_htmlbackend\templates\image-list.php:14
actionyeepdf_builder_blockbackend\templates\image.php:3
actionyeepdf_builder_block_htmlbackend\templates\image.php:14
actionyeepdf_builder_block_htmlbackend\templates\index.php:3
actionyeepdf_builder_blockbackend\templates\rotate-text.php:3
filteryeepdf_builder_block_htmlbackend\templates\rotate-text.php:14
actionyeepdf_builder_tab_block_rowbackend\templates\row.php:4
filteryeepdf_builder_block_htmlbackend\templates\row.php:68
actionyeepdf_builder_blockbackend\templates\signature.php:3
actionyeepdf_builder_block_htmlbackend\templates\signature.php:14
actionyeepdf_builder_blockbackend\templates\spacer.php:3
filteryeepdf_builder_block_htmlbackend\templates\spacer.php:14
actionyeepdf_builder_blockbackend\templates\table.php:6
filteryeepdf_builder_block_htmlbackend\templates\table.php:7
actionyeepdf_builder_tab__editor_beforebackend\templates\table.php:8
actionyeepdf_builder_tab_block_templatebackend\templates\text-list.php:3
filteryeepdf_builder_block_htmlbackend\templates\text-list.php:14
actionyeepdf_builder_blockbackend\templates\text.php:3
filteryeepdf_builder_block_htmlbackend\templates\text.php:14
actionyeepdf_builder_tab_block_templatebackend\templates\title.php:3
filteryeepdf_builder_block_htmlbackend\templates\title.php:14
actionyeepdf_head_settingscontact-form-7\index.php:12
actionsave_post_yeepdfcontact-form-7\index.php:13
filteryeepdf_shortcodescontact-form-7\index.php:14
filterwpcf7_mail_componentscontact-form-7\index.php:15
filterwpcf7_editor_panelscontact-form-7\index.php:16
filtersave_postcontact-form-7\index.php:17
actionwpcf7_before_send_mailcontact-form-7\index.php:18
filterflamingo_add_inboundcontact-form-7\index.php:19
actionadmin_enqueue_scriptscontact-form-7\index.php:21
filteryeepdf_add_libscontact-form-7\index.php:22
filteryeepdf_builder_shortcodecontact-form-7\index.php:23
filteryeepdf_output_htmlcontact-form-7\index.php:24
actionyeepdf_cf7_settingscontact-form-7\index.php:26
filteryeepdf_setup_idcontact-form-7\index.php:27
filteryeepdf_setup_typecontact-form-7\index.php:28
filteryeepdf_setup_formscontact-form-7\index.php:29
filterwpcf7_mail_tag_replaced_textareacontact-form-7\index.php:431
filterwp_mail_content_typefrontend\index.php:22
filterupload_mimesfrontend\index.php:23
actioninitfrontend\index.php:24
filterpdf_before_render_datasfrontend\index.php:25
filtertemplate_includefrontend\index.php:74
actionadmin_menuyeekit\document.php:10
actionadmin_enqueue_scriptsyeekit\document.php:11
filterfluentform_global_addonsyeekit\document.php:12
actionadmin_noticesyeekit\document.php:14
actionelementor/element/form/section_form_options/after_section_endyeekit\document.php:15
actionadmin_inityeekit\document.php:17
actionelementor/editor/after_enqueue_stylesyeekit\document.php:19
filterhttp_responseyeekit\document.php:208
Maintenance & Trust

PDF for Contact Form 7 + Drag and Drop Template Builder Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 13, 2026
PHP min version5.6
Downloads9K

Community Trust

Rating100/100
Number of ratings2
Active installs500
Alternatives

PDF for Contact Form 7 + Drag and Drop Template Builder Alternatives

PDF for WPForms + Drag and Drop Template Builder

PDF for WPForms + Drag and Drop Template Builder

pdf-for-wpforms

A
92

The plugin helps you create PDF for WPForms you can builder PDF template

1K 6 CVEs
PDF for Gravity Forms + Drag And Drop Template Builder

PDF for Gravity Forms + Drag And Drop Template Builder

pdf-for-gravity-forms

A
98

The plugin helps you create PDF for Gravity Forms you can builder template pdf

400 1 CVE
PDF for Forminator Forms + Drag and Drop Template Builder

PDF for Forminator Forms + Drag and Drop Template Builder

pdf-for-forminator-forms

A
100

Forminator PDF allows you to automatically generate PDF documents from your Forminator form submissions.

70 No CVEs
PDF for Ninja Forms + Drag and Drop Template Builder

PDF for Ninja Forms + Drag and Drop Template Builder

pdf-for-ninja-forms

A
100

The plugin helps you create PDF for Ninja Form you can builder template pdf

20 No CVEs
PDF for eForm + Drag And Drop Template Builder

PDF for eForm + Drag And Drop Template Builder

eforms-pdf

A
100

The plugin helps you create PDF for eForm you can builder template pdf

10 No CVEs
Developer Profile

PDF for Contact Form 7 + Drag and Drop Template Builder Developer Profile

add-ons.org

55 plugins · 26K total installs

87
trust score
Avg Security Score
99/100
Avg Patch Time
47 days
View full developer profile
Detection Fingerprints

How We Detect PDF for Contact Form 7 + Drag and Drop Template Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pdf-for-contact-form-7/css/style.css/wp-content/plugins/pdf-for-contact-form-7/css/backend.css/wp-content/plugins/pdf-for-contact-form-7/css/bootstrap-grid.min.css/wp-content/plugins/pdf-for-contact-form-7/css/builder.css/wp-content/plugins/pdf-for-contact-form-7/js/script.js/wp-content/plugins/pdf-for-contact-form-7/js/backend.js/wp-content/plugins/pdf-for-contact-form-7/js/vue.min.js/wp-content/plugins/pdf-for-contact-form-7/js/template.js+1 more
Script Paths
/wp-content/plugins/pdf-for-contact-form-7/js/script.js/wp-content/plugins/pdf-for-contact-form-7/js/backend.js/wp-content/plugins/pdf-for-contact-form-7/js/vue.min.js/wp-content/plugins/pdf-for-contact-form-7/js/template.js/wp-content/plugins/pdf-for-contact-form-7/js/builder.js
Version Parameters
pdf-for-contact-form-7/css/style.css?ver=pdf-for-contact-form-7/css/backend.css?ver=pdf-for-contact-form-7/css/bootstrap-grid.min.css?ver=pdf-for-contact-form-7/css/builder.css?ver=pdf-for-contact-form-7/js/script.js?ver=pdf-for-contact-form-7/js/backend.js?ver=pdf-for-contact-form-7/js/vue.min.js?ver=pdf-for-contact-form-7/js/template.js?ver=pdf-for-contact-form-7/js/builder.js?ver=

HTML / DOM Fingerprints

CSS Classes
pro_disablepro_disable_fffbuilder__editor--itembuilder__editor--item-settingsyeepdf_setting_groupyeepdf_setting_rowyeepdf_settings_group-wrapperyeepdf_checkbox_label+1 more
Data Attributes
data-vue-component-name
JS Globals
YEEPDF_CREATOR_BUILDER_URLYEEPDF_CREATOR_BUILDER_PATHBUIDER_PDF_CF7_PLUGIN_URLBUIDER_PDF_CF7_PLUGIN_PATHyeepdf_settings_backend_main
FAQ

Frequently Asked Questions about PDF for Contact Form 7 + Drag and Drop Template Builder