PR WPCF7 Locaweb Security & Risk Analysis

wordpress.org/plugins/pr-wpcf7-locaweb

Plugin that integrates Contact Form 7 with Locaweb's Email Marketing system.

10 active installs v1.0 PHP + WP 3.6+ Updated Apr 4, 2014
contact-formemail-marketing-locaweb
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is PR WPCF7 Locaweb Safe to Use in 2026?

Generally Safe

Score 85/100

PR WPCF7 Locaweb has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago
Risk Assessment

The "pr-wpcf7-locaweb" plugin v1.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by not utilizing dangerous functions, performing all SQL queries using prepared statements, and having no known vulnerabilities in its history. It also includes one nonce check and one capability check, indicating some awareness of security measures.

However, significant concerns arise from the attack surface analysis. The plugin exposes four AJAX handlers, all of which lack authentication checks. This is a critical weakness: any unauthenticated user can potentially interact with these handlers, which could lead to unpredictable behavior or to exploitation if the handlers are vulnerable. Taint analysis did not reveal critical or high severity unsanitized paths, but the two flows with unsanitized paths still warrant attention. The low percentage of properly escaped output (6%) is also a concern, as it increases the risk of cross-site scripting (XSS) vulnerabilities.

Overall, the plugin's strength lies in its lack of known historical vulnerabilities and secure SQL handling. However, the unprotected AJAX endpoints and poor output escaping create substantial risks that outweigh these strengths. Protecting the AJAX handlers and improving output escaping are paramount to improving its security.

Key Concerns

  • AJAX handlers without authentication checks
  • Low percentage of properly escaped output
  • Flows with unsanitized paths (even if not critical)
Vulnerabilities
None known

PR WPCF7 Locaweb Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

PR WPCF7 Locaweb Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 34 (2 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

6% escaped · 36 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
ajax_wpcf7locaweb_callback (pr-front-functions.php:79)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
4 unprotected

PR WPCF7 Locaweb Attack Surface

Entry Points: 4
Unprotected: 4

AJAX Handlers 4

auth  wp_ajax_ajax_campos  pr-admin-functions.php:191
nopriv  wp_ajax_ajax_campos  pr-admin-functions.php:192
auth  wp_ajax_ajax_wpcf7locaweb  pr-front-functions.php:76
nopriv  wp_ajax_ajax_wpcf7locaweb  pr-front-functions.php:77
WordPress Hooks 10
action  init  pr-admin-functions.php:185
action  add_meta_boxes  pr-admin-functions.php:186
action  save_post  pr-admin-functions.php:187
filter  manage_prwpcf7locaweb_posts_columns  pr-admin-functions.php:188
action  manage_prwpcf7locaweb_posts_custom_column  pr-admin-functions.php:189
action  admin_footer  pr-admin-functions.php:211
action  wp_head  pr-front-functions.php:74
filter  wp_mail_content_type  pr-front-functions.php:111
action  admin_enqueue_scripts  pr-wpcf7-locaweb.php:18
action  admin_menu  pr-wpcf7-locaweb.php:27
Maintenance & Trust

PR WPCF7 Locaweb Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.7.41
Last updated: Apr 4, 2014
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

PR WPCF7 Locaweb Developer Profile

Paulo Iankoski

3 plugins · 50 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect PR WPCF7 Locaweb

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pr-wpcf7-locaweb/css/pr-wpcf7locaweb.css
/wp-content/plugins/pr-wpcf7-locaweb/js/pr-wpcf7locaweb.js
Script Paths
/wp-content/plugins/pr-wpcf7-locaweb/js/pr-wpcf7locaweb.js

HTML / DOM Fingerprints

Data Attributes
name="prWPCF7Locaweb[nome]"
id="prWPCF7LocawebNome"
name="prWPCF7Locaweb[email]"
id="prWPCF7LocawebEmail"
name="prWPCF7Locaweb[datadenascimento]"
id="prWPCF7LocawebDataDeNascimento"
+8 more
JS Globals
prWPCF7LocawebOptions
FAQ

Frequently Asked Questions about PR WPCF7 Locaweb