PDF Forms Filler for CF7 Security & Risk Analysis

wordpress.org/plugins/pdf-forms-for-contact-form-7

Build Contact Form 7 forms from PDF forms. Get PDFs auto-filled and attached to email messages and/or website responses on form submission.

3K active installs · v2.2.5 · PHP 5.2+ · WP 4.8+ · Updated Oct 10, 2025
Tags: contact-form, download, email, form, pdf
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is PDF Forms Filler for CF7 Safe to Use in 2026?

Generally Safe

Score 100/100

PDF Forms Filler for CF7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago
Risk Assessment

The plugin "pdf-forms-for-contact-form-7" version 2.2.5 exhibits a generally positive security posture, with a significant number of security checks in place. The presence of 21 capability checks and 11 nonce checks indicates a good effort to secure entry points. Furthermore, all SQL queries utilize prepared statements, which is a critical best practice for preventing SQL injection vulnerabilities. The plugin also demonstrates a strong commitment to output escaping, with 86% of outputs properly handled.

However, the analysis does reveal areas for concern. The use of the 'exec' function, a known dangerous function, raises a red flag, especially since no specific sanitization or context for its use is detailed in the provided data. While the taint analysis did not reveal critical or high-severity unsanitized flows, one flow with an unsanitized path exists, which warrants further investigation to understand its potential impact. The attack surface, while reported as having no unprotected entry points, consists of 5 AJAX handlers, which can be a common vector for vulnerabilities if not meticulously secured. The lack of recorded vulnerabilities in its history is a positive sign, suggesting a mature and relatively stable codebase, but it should not be a reason to overlook the static analysis findings.

In conclusion, the plugin has adopted many good security practices, particularly around database interactions and output handling. The absence of known CVEs is reassuring. Nevertheless, the identified use of `exec` and the single unsanitized path in the taint analysis are potential weaknesses that require attention. A thorough review of how `exec` is utilized and the nature of the unsanitized path is recommended to ensure no latent vulnerabilities exist.

Key Concerns

  • Use of dangerous function 'exec'
  • Flow with unsanitized path found
Vulnerabilities
None known

PDF Forms Filler for CF7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

PDF Forms Filler for CF7 Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 21 (133 escaped)
Nonce Checks: 11
Capability Checks: 21
File Operations: 22
External Requests: 4
Bundled Libraries: 1

Dangerous Functions Found

exec: @exec( 'echo works', $output, $retval ); (modules\pdf-ninja.php:403)
exec: @exec( 'cat /proc/self/stat', $output, $retval ); (modules\pdf-ninja.php:418)
exec: @exec( 'getenforce', $getenforce, $retval ); (modules\pdf-ninja.php:428)

Bundled Libraries

Select2

Output Escaping

86% escaped, 154 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

2 flows, 1 with unsanitized paths
handle_hidden_iframe_download (pdf-forms-for-contact-form-7.php:2774)
Attack Surface

PDF Forms Filler for CF7 Attack Surface

Entry Points: 5
Unprotected: 0

AJAX Handlers 5

auth: wp_ajax_wpcf7_pdf_forms_get_attachment_info (pdf-forms-for-contact-form-7.php:79)
auth: wp_ajax_wpcf7_pdf_forms_query_tags (pdf-forms-for-contact-form-7.php:80)
auth: wp_ajax_wpcf7_pdf_forms_preload_data (pdf-forms-for-contact-form-7.php:81)
auth: wp_ajax_wpcf7_pdf_forms_query_cf7_fields (pdf-forms-for-contact-form-7.php:82)
auth: wp_ajax_wpcf7_pdf_forms_query_page_image (pdf-forms-for-contact-form-7.php:83)
WordPress Hooks 46
action: init (inc\class-tgm-plugin-activation.php:268)
filter: load_textdomain_mofile (inc\class-tgm-plugin-activation.php:269)
action: init (inc\class-tgm-plugin-activation.php:272)
action: admin_menu (inc\class-tgm-plugin-activation.php:421)
action: admin_head (inc\class-tgm-plugin-activation.php:422)
filter: install_plugin_complete_actions (inc\class-tgm-plugin-activation.php:425)
filter: update_plugin_complete_actions (inc\class-tgm-plugin-activation.php:426)
action: admin_notices (inc\class-tgm-plugin-activation.php:429)
action: admin_init (inc\class-tgm-plugin-activation.php:430)
action: admin_enqueue_scripts (inc\class-tgm-plugin-activation.php:431)
action: load-plugins.php (inc\class-tgm-plugin-activation.php:436)
action: switch_theme (inc\class-tgm-plugin-activation.php:439)
action: switch_theme (inc\class-tgm-plugin-activation.php:442)
action: admin_init (inc\class-tgm-plugin-activation.php:447)
action: switch_theme (inc\class-tgm-plugin-activation.php:452)
action: load_textdomain_mofile (inc\class-tgm-plugin-activation.php:475)
filter: upgrader_source_selection (inc\class-tgm-plugin-activation.php:889)
action: plugins_loaded (inc\class-tgm-plugin-activation.php:2112)
filter: tgmpa_table_data_items (inc\class-tgm-plugin-activation.php:2236)
filter: upgrader_source_selection (inc\class-tgm-plugin-activation.php:2977)
action: admin_init (inc\class-tgm-plugin-activation.php:3147)
action: upgrader_process_complete (inc\class-tgm-plugin-activation.php:3242)
filter: upgrader_post_install (inc\class-tgm-plugin-activation.php:3301)
filter: upgrader_post_install (inc\class-tgm-plugin-activation.php:3446)
action: tgmpa_register (inc\tgm-config.php:8)
action: admin_notices (pdf-forms-for-contact-form-7.php:44)
action: plugins_loaded (pdf-forms-for-contact-form-7.php:45)
action: upgrader_process_complete (pdf-forms-for-contact-form-7.php:47)
action: wpcf7_pdf_forms_cron (pdf-forms-for-contact-form-7.php:50)
action: init (pdf-forms-for-contact-form-7.php:69)
action: admin_enqueue_scripts (pdf-forms-for-contact-form-7.php:71)
action: wp_enqueue_scripts (pdf-forms-for-contact-form-7.php:76)
filter: wpcf7_form_elements (pdf-forms-for-contact-form-7.php:77)
action: admin_init (pdf-forms-for-contact-form-7.php:85)
action: admin_menu (pdf-forms-for-contact-form-7.php:86)
filter: wpcf7_editor_panels (pdf-forms-for-contact-form-7.php:87)
action: wpcf7_before_send_mail (pdf-forms-for-contact-form-7.php:89)
filter: wpcf7_mail_components (pdf-forms-for-contact-form-7.php:92)
action: wpcf7_mail_sent (pdf-forms-for-contact-form-7.php:93)
action: wpcf7_after_save (pdf-forms-for-contact-form-7.php:95)
filter: wpcf7_form_response_output (pdf-forms-for-contact-form-7.php:97)
filter: wpcf7_feedback_response (pdf-forms-for-contact-form-7.php:101)
filter: wpcf7_ajax_json_echo (pdf-forms-for-contact-form-7.php:104)
filter: wpcf7_copy (pdf-forms-for-contact-form-7.php:107)
filter: cron_schedules (pdf-forms-for-contact-form-7.php:109)
action: admin_init (pdf-forms-for-contact-form-7.php:112)

Scheduled Events 1

wpcf7_pdf_forms_cron
Maintenance & Trust

PDF Forms Filler for CF7 Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 10, 2025
PHP min version: 5.2
Downloads: 181K

Community Trust

Rating: 96/100
Number of ratings: 13
Active installs: 3K
Developer Profile

PDF Forms Filler for CF7 Developer Profile

maximum.software

5 plugins · 4K total installs

Trust score: 92
Avg Security Score: 97/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect PDF Forms Filler for CF7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pdf-forms-for-contact-form-7/inc/css/admin.css
/wp-content/plugins/pdf-forms-for-contact-form-7/inc/css/pdf-forms-editor-panel.css
/wp-content/plugins/pdf-forms-for-contact-form-7/inc/js/admin.js
/wp-content/plugins/pdf-forms-for-contact-form-7/inc/js/pdf-forms-editor-panel.js
/wp-content/plugins/pdf-forms-for-contact-form-7/inc/js/pdf-forms-helper.js
/wp-content/plugins/pdf-forms-for-contact-form-7/inc/js/pdf-forms-settings.js
/wp-content/plugins/pdf-forms-for-contact-form-7/inc/js/pdf-forms-tag-generator.js
Script Paths
/wp-content/plugins/pdf-forms-for-contact-form-7/inc/js/admin.js
/wp-content/plugins/pdf-forms-for-contact-form-7/inc/js/pdf-forms-editor-panel.js
/wp-content/plugins/pdf-forms-for-contact-form-7/inc/js/pdf-forms-helper.js
/wp-content/plugins/pdf-forms-for-contact-form-7/inc/js/pdf-forms-settings.js
/wp-content/plugins/pdf-forms-for-contact-form-7/inc/js/pdf-forms-tag-generator.js
Version Parameters
/wp-content/plugins/pdf-forms-for-contact-form-7/inc/css/admin.css?ver=
/wp-content/plugins/pdf-forms-for-contact-form-7/inc/css/pdf-forms-editor-panel.css?ver=
/wp-content/plugins/pdf-forms-for-contact-form-7/inc/js/admin.js?ver=
/wp-content/plugins/pdf-forms-for-contact-form-7/inc/js/pdf-forms-editor-panel.js?ver=
/wp-content/plugins/pdf-forms-for-contact-form-7/inc/js/pdf-forms-helper.js?ver=
/wp-content/plugins/pdf-forms-for-contact-form-7/inc/js/pdf-forms-settings.js?ver=
/wp-content/plugins/pdf-forms-for-contact-form-7/inc/js/pdf-forms-tag-generator.js?ver=

HTML / DOM Fingerprints

CSS Classes
pdf-forms-editor-panel
pdf-forms-settings-page
pdf-forms-helper-field
HTML Comments
<!-- PDF Forms Filler for CF7 options -->
Data Attributes
data-pdf-forms-field-type
data-pdf-forms-tag-field
JS Globals
wpcf7_pdf_forms_admin
wpcf7_pdf_forms_tag_generator
wpcf7_pdf_forms_helper
wpcf7_pdf_forms_settings
REST Endpoints
/wp-json/pdf-forms-for-contact-form-7/v1/query_tags
FAQ

Frequently Asked Questions about PDF Forms Filler for CF7