WP-Safety

Post My CF7 Form Security & Risk Analysis

wordpress.org/plugins/post-my-contact-form-7

This plugin enables the mapping of your CF7 forms to custom posts, including featured images, files, meta-fields and taxonomies

2K active installs v6.1.0 PHP 5.6+ WP 4.7+ Updated May 2, 2024
contact-form-7contact-form-7-extensioncontact-form-7-moduleform-to-post
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Post My CF7 Form Safe to Use in 2026?

Generally Safe

Score 85/100

Post My CF7 Form has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The plugin 'post-my-contact-form-7' v6.1.0 exhibits a strong security posture based on the provided static analysis and vulnerability history. The absence of any recorded CVEs, unpatched vulnerabilities, or critical/high severity taint flows is a significant strength. The code analysis reveals excellent practices regarding output escaping, with 99% of outputs properly escaped, and a robust use of nonce and capability checks. The limited number of SQL queries, with a substantial majority using prepared statements, further indicates a secure development approach.

However, a minor concern arises from the presence of one file operation, as these can sometimes be a vector for vulnerabilities if not handled with extreme care, although no specific issues were flagged in the taint analysis. The bundled Select2 library, while not explicitly flagged as outdated or vulnerable in this data, represents a potential area for future review if it deviates significantly from current secure versions. Overall, the plugin demonstrates a commitment to security, with minimal identified risks.

Key Concerns

  • File operation detected
  • Bundled library (Select2 v4.0.13)
Vulnerabilities
None known

Post My CF7 Form Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Post My CF7 Form Release Timeline

v6.1.0Current
v6.0.8
v6.0.7
v6.0.6
v6.0.5
v6.0.4
v6.0.3
v6.0.2
v6.0.1
v6.0.0
v5.6.1
v5.6.0
v5.5
v5.4
v5.3
v5.2
v5.1
v5.0
v4.1.12
v4.1.11
Code Analysis
Analyzed Mar 16, 2026

Post My CF7 Form Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
2 prepared
Unescaped Output
3
374 escaped
Nonce Checks
13
Capability Checks
8
File Operations
1
External Requests
0
Bundled Libraries
1

Bundled Libraries

Select24.0.13

SQL Query Safety

67% prepared3 total queries

Output Escaping

99% escaped377 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
save_post_mapping (admin\class-cf7-2-post-admin.php:410)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Post My CF7 Form Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 46
actioncf7sg_save_postadmin\class-cf7-2-post-admin.php:75
actionsave_post_wpcf7_contact_formadmin\class-cf7-2-post-admin.php:77
actionadmin_enqueue_scriptsadmin\class-cf7-2-post-admin.php:547
actionplugins_loadedincludes\class-cf7-2-post.php:141
actionadmin_enqueue_scriptsincludes\class-cf7-2-post.php:156
actionadmin_enqueue_scriptsincludes\class-cf7-2-post.php:157
actionadmin_headincludes\class-cf7-2-post.php:159
actioninitincludes\class-cf7-2-post.php:161
filtermanage_wpcf7_contact_form_posts_columnsincludes\class-cf7-2-post.php:163
actionmanage_wpcf7_contact_form_posts_custom_columnincludes\class-cf7-2-post.php:164
actioninitincludes\class-cf7-2-post.php:166
actionadmin_initincludes\class-cf7-2-post.php:168
actionadmin_print_footer_scriptsincludes\class-cf7-2-post.php:170
actionquick_edit_custom_boxincludes\class-cf7-2-post.php:172
actionsave_post_wpcf7_contact_formincludes\class-cf7-2-post.php:173
actioncf72post_register_mapped_postincludes\class-cf7-2-post.php:177
actionwpcf7_post_deleteincludes\class-cf7-2-post.php:180
actionwpcf7_admin_initincludes\class-cf7-2-post.php:182
actionwpcf7_messagesincludes\class-cf7-2-post.php:184
filterwpcf7_collect_mail_tagsincludes\class-cf7-2-post.php:203
filterwpcf7_editor_panelsincludes\class-cf7-2-post.php:206
actionadmin_initincludes\class-cf7-2-post.php:207
actionadd_meta_boxes_wpcf7_contact_formincludes\class-cf7-2-post.php:213
actionin_plugin_update_message-post-my-contact-form-7/cf7-2-post.phpincludes\class-cf7-2-post.php:215
actionwp_enqueue_scriptsincludes\class-cf7-2-post.php:229
actionwp_enqueue_scriptsincludes\class-cf7-2-post.php:230
filterdo_shortcode_tagincludes\class-cf7-2-post.php:231
actionwp_headincludes\class-cf7-2-post.php:233
actionwpcf7_before_send_mailincludes\class-cf7-2-post.php:237
filterwpcf7_skip_mailincludes\class-cf7-2-post.php:239
actionwpcf7_initincludes\class-cf7-2-post.php:241
actionwpcf7_initincludes\class-cf7-2-post.php:243
filterwpcf7_validateincludes\class-cf7-2-post.php:245
filterwpcf7_validate_fileincludes\class-cf7-2-post.php:246
filterwpcf7_validate_file*includes\class-cf7-2-post.php:247
filterwpcf7_form_hidden_fieldsincludes\class-cf7-2-post.php:249
filterwpcf7_display_messageincludes\class-cf7-2-post.php:251
filterwpcf7_posted_data_selectincludes\class-cf7-2-post.php:253
filterwpcf7_posted_data_select*includes\class-cf7-2-post.php:254
filterwpcf7_posted_data_dynamic-selectincludes\class-cf7-2-post.php:255
filterwpcf7_posted_data_dynamic-select*includes\class-cf7-2-post.php:256
filterpre_move_uploaded_fileincludes\mapper\class-c2p-post-mapper.php:1171
filterwpcf7_special_mail_tagspublic\class-cf7-2-post-public.php:121
actionwpcf7_swv_create_schemapublic\class-cf7-2-post-public.php:291
actionwp_footerpublic\class-cf7-2-post-public.php:416
filterwpcf7_skip_mailpublic\class-cf7-2-post-public.php:489
Maintenance & Trust

Post My CF7 Form Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8
Last updatedMay 2, 2024
PHP min version5.6
Downloads95K

Community Trust

Rating96/100
Number of ratings48
Active installs2K
Alternatives

Post My CF7 Form Alternatives

Smart Grid-Layout Design for Contact Form 7

Smart Grid-Layout Design for Contact Form 7

cf7-grid-layout

A
92

This plugins allow pure CSS responsive grid layouts for contact form 7. It enables rich interlinking of your CMS data via taxonomy/posts populated dr …

10K No CVEs
Contact Form 7 Polylang Module

Contact Form 7 Polylang Module

cf7-polylang

A
85

This plugin allows multilingual contact form 7 management using the polylang plugin.

5K No CVEs
Contact Form 7 extension for Google Map fields

Contact Form 7 extension for Google Map fields

cf7-google-map

B
84

This plugin enables the insertion of google maps into contact form 7 as an input field.

600 1 CVE
OTP by Email for Contact Form 7

OTP by Email for Contact Form 7

otp-by-email

A
85

A small Contact Form 7 extension plugin to enable email confirmation by unique links sent to the email inbox.

80 No CVEs
@MediaPost – Extensão para Contact Form 7

@MediaPost – Extensão para Contact Form 7

mediapost-extensao-para-contact-form-7

A
85

Este plugin permite a integração entre os formulários de contato do plugin Contact Form 7 e uma conta @MediaPost.

20 No CVEs
Developer Profile

Post My CF7 Form Developer Profile

Aurovrata Venet

6 plugins · 25K total installs

69
trust score
Avg Security Score
86/100
Avg Patch Time
265 days
View full developer profile
Detection Fingerprints

How We Detect Post My CF7 Form

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/post-my-contact-form-7/assets/hybrid-html-dropdown/hybrid-dropdown.min.css/wp-content/plugins/post-my-contact-form-7/assets/jquery-toggles/css/toggles.css/wp-content/plugins/post-my-contact-form-7/assets/jquery-toggles/css/themes/toggles-light.css/wp-content/plugins/post-my-contact-form-7/admin/css/mapping-panel.css/wp-content/plugins/post-my-contact-form-7/admin/css/cf7-2-post-mapping.css/wp-content/plugins/post-my-contact-form-7/admin/css/cf7-table.css/wp-content/plugins/post-my-contact-form-7/admin/css/cf72-custompost.css/wp-content/plugins/post-my-contact-form-7/admin/js/c2p-edit-panel.js+3 more
Script Paths
/wp-content/plugins/post-my-contact-form-7/admin/js/c2p-edit-panel.js/wp-content/plugins/post-my-contact-form-7/assets/jquery-toggles/toggles.min.js/wp-content/plugins/post-my-contact-form-7/assets/clipboard/clipboard.min.js/wp-content/plugins/post-my-contact-form-7/assets/js/cf7-2-post-common.js
Version Parameters
post-my-contact-form-7/admin/css/mapping-panel.css?ver=post-my-contact-form-7/admin/css/cf7-2-post-mapping.css?ver=post-my-contact-form-7/admin/css/cf7-table.css?ver=post-my-contact-form-7/admin/css/cf72-custompost.css?ver=post-my-contact-form-7/admin/js/c2p-edit-panel.js?ver=post-my-contact-form-7/assets/jquery-toggles/toggles.min.js?ver=post-my-contact-form-7/assets/clipboard/clipboard.min.js?ver=post-my-contact-form-7/assets/js/cf7-2-post-common.js?ver=

HTML / DOM Fingerprints

CSS Classes
cf7-2-post-mapping-fieldcf7-2-post-mapping-rowcf7-2-post-mapping-labelcf7-2-post-mapping-inputcf7-2-post-mapping-selectcf7-2-post-mapping-textareacf7-2-post-mapping-help-textcf7-2-post-mapping-help-button+8 more
HTML Comments
NB @since 5.0.0 hook the smart grid form saving action to fix double save_post hook callNB @since 5.5.1 fix tag name scanning.
Data Attributes
data-cf72post-post-typedata-cf72post-taxdata-cf72post-fielddata-cf72post-cf7-iddata-cf72post-form-title
JS Globals
cf7_2_post_globals
FAQ

Frequently Asked Questions about Post My CF7 Form