Does Send Data to AC have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Send Data to AC compatible with WordPress 6.0.11?

According to WordPress.org data, Send Data to AC 1.0 has been tested up to WordPress 6.0.11. Check the plugin's changelog for the latest compatibility information.

How often is Send Data to AC updated?

Send Data to AC was last updated on Jun 8, 2022. Frequent updates are generally a positive security signal.

What is Send Data to AC's security score?

Send Data to AC has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Send Data to AC Security & Risk Analysis

wordpress.org/plugins/send-cf7-data-to-active-campaign

Contact form 7 Addon plugin. send data to activate campaign list.

0 active installs v1.0 PHP + WP 5.7+ Updated Jun 8, 2022

active-campaigncf7-contact-to-active-campaigncontact-active-campaigncontact-formcontact-form-to-activate-campaign

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Send Data to AC Safe to Use in 2026?

Generally Safe

Score 85/100

Send Data to AC has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The plugin "send-cf7-data-to-active-campaign" v1.0 exhibits a strong security posture based on the provided static analysis. The absence of dangerous functions, reliance on prepared statements for SQL, and 100% proper output escaping are excellent security practices. The presence of a nonce check is also a positive sign. Furthermore, the lack of any recorded vulnerabilities, including critical or high severity ones, suggests a history of secure development or diligent patching.

Despite these strengths, there is a notable absence of capability checks. While the plugin only has one AJAX handler and no REST API routes, shortcodes, or cron events, meaning a limited attack surface, relying solely on nonce checks for AJAX handlers can be a weakness. If the nonce check were to be bypassed or if an attacker could trigger the AJAX handler without a valid nonce, it could still lead to unauthorized actions if the handler itself doesn't perform further authorization checks. The lack of any critical or high severity issues in taint analysis is reassuring, but a complete absence of taint flows analyzed might also indicate a very limited scope of analysis or an extremely simple plugin.

In conclusion, this plugin appears to be developed with security in mind, particularly concerning data handling and output sanitization. However, the absence of capability checks on its sole AJAX entry point represents a potential, albeit small, security concern that could be addressed to further harden its defenses.

Key Concerns

Missing capability checks on AJAX handler

Vulnerabilities

None known

Send Data to AC Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Send Data to AC Release Timeline

v1.0Current

Code Analysis

Analyzed Apr 16, 2026

Send Data to AC Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

35 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped35 total outputs

Attack Surface

Send Data to AC Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_sdtac_call_apiincludes/class.cf7-to-ac.php:34

WordPress Hooks 7

actioninitincludes/class.cf7-to-ac.php:28

actionadmin_enqueue_scriptsincludes/class.cf7-to-ac.php:29

actionwpcf7_mail_sentincludes/class.cf7-to-ac.php:30

filterwpcf7_editor_panelsincludes/class.cf7-to-ac.php:31

filterplugin_action_linksincludes/class.cf7-to-ac.php:32

actionwpcf7_after_saveincludes/class.cf7-to-ac.php:33

actionadmin_noticesincludes/class.cf7-to-ac.php:128

Maintenance & Trust

Send Data to AC Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11

Last updatedJun 8, 2022

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Send Data to AC Alternatives

Active Campaign & Contact Form 7

wpop-accf

100

Add Contact Form 7 Data to ActiveCampaign Contact lists.

3K No CVEs

Contact Form 7

contact-form-7

Just another contact form plugin. Simple but flexible.

10.0M 8 CVEs

Akismet Anti-spam: Spam Protection

akismet

The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.

6.0M 2 CVEs

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

wpforms-lite

The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.

6.0M 16 CVEs

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

fluentform

Get a fast contact form plugin. Create advanced forms using drag and drop form builder with all smart features.

700K 33 CVEs

Developer Profile

Send Data to AC Developer Profile

Bitcraftx

4 plugins · 20 total installs

trust score

Avg Security Score

94/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Send Data to AC

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/send-cf7-data-to-active-campaign/admin/js/admin-script.js

Script Paths