ShopMagic for Contact Form 7 and WooCommerce Security & Risk Analysis

wordpress.org/plugins/shopmagic-for-contact-form-7

Allows creating WooCommerce marketing automation and emailing WordPress users based on Contact Form 7 submission. You can use this Contact Form 7 inte …

400 active installs · v1.3.18 · PHP 7.4+ · WP 6.4+ · Updated Mar 7, 2026
Tags: cf7, contact-form, contact-form-7-woocommerce, form-submission, marketing-automation
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is ShopMagic for Contact Form 7 and WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

ShopMagic for Contact Form 7 and WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 27d ago
Risk Assessment

Based on the provided static analysis, version 1.3.18 of the "shopmagic-for-contact-form-7" plugin has a generally strong security posture. It has no recorded vulnerabilities (CVEs), and its single AJAX entry point implements nonce and capability checks, suggesting that direct access to its functionality is likely protected. The absence of unescaped output in critical areas and the lack of exploitable taint flows further contribute to its good security standing. The limited attack surface and absence of external HTTP requests are also positive indicators.

However, the plugin's reliance on raw SQL queries without prepared statements is a significant concern. The analysis shows only two such queries and no immediate critical taint flows, but this practice can expose the application to SQL injection if the input is not meticulously sanitized elsewhere, which this analysis alone does not guarantee. The SQL query handling remains a notable weakness.

Key Concerns

  • SQL queries without prepared statements
Vulnerabilities
None known

ShopMagic for Contact Form 7 and WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

ShopMagic for Contact Form 7 and WooCommerce Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 2 (0 prepared)
  • Unescaped Output: 12 (20 escaped)
  • Nonce Checks: 4
  • Capability Checks: 3
  • File Operations: 2
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

63% escaped · 32 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
processAjaxNoticeDismiss (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:72)
Attack Surface

ShopMagic for Contact Form 7 and WooCommerce Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers 1

auth wp_ajax_wpdesk_notice_dismiss (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:42)

WordPress Hooks 21

action wpcf7_before_send_mail (src\CfFormInterceptor.php:29)
action wpcf7_before_send_mail (src\Event\FormSubmit.php:32)
action wpcf7_mail_sent (src\Event\FormSubmit.php:33)
action shopmagic/core/initialized/v2 (src\Plugin.php:33)
action admin_enqueue_scripts (vendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:148)
action wp_enqueue_scripts (vendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:149)
action admin_enqueue_scripts (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:41)
action admin_notices (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:144)
action admin_footer (vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:145)
filter wp_autoloader_loader_loaders_to_load (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:45)
filter wp_autoloader_loader_loaders_to_create (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:46)
action plugins_loaded (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\Simple\SimplePaidStrategy.php:58)
action plugins_loaded (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:81)
action before_woocommerce_init (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:88)
action activated_plugin (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:102)
filter doing_it_wrong_trigger_error (vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:123)
action admin_enqueue_scripts (vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\Assets.php:28)
action admin_menu (vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:35)
action admin_init (vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:36)
action admin_notices (vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptOut.php:28)
filter plugin_row_meta (vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\PluginActionLinks.php:36)
Maintenance & Trust

ShopMagic for Contact Form 7 and WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 7, 2026
PHP min version: 7.4
Downloads: 16K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 400
Developer Profile

ShopMagic for Contact Form 7 and WooCommerce Developer Profile

wpdesk

23 plugins · 127K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 135 days
Detection Fingerprints

How We Detect ShopMagic for Contact Form 7 and WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/shopmagic-for-contact-form-7/assets/css/admin-style.css
/wp-content/plugins/shopmagic-for-contact-form-7/assets/js/scripts.js
Script Paths
/wp-content/plugins/shopmagic-for-contact-form-7/assets/js/scripts.js
Version Parameters
shopmagic-for-contact-form-7/assets/css/admin-style.css?ver=
shopmagic-for-contact-form-7/assets/js/scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
shopmagic-cf7-admin-logo
shopmagic-cf7-setup-wizard-button
HTML Comments
<!-- A widget to display shopmagic cf7 setup wizard button -->
<!-- wp_footer called, do not do anything here -->
Data Attributes
data-cf7-shopmagic-ajax-url
JS Globals
ShopMagicCF7
FAQ

Frequently Asked Questions about ShopMagic for Contact Form 7 and WooCommerce