Does Signature Field With Contact Form 7 have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Signature Field With Contact Form 7 compatible with WordPress 6.8.5?

According to WordPress.org data, Signature Field With Contact Form 7 1.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Signature Field With Contact Form 7 updated?

Signature Field With Contact Form 7 was last updated on May 12, 2025. Frequent updates are generally a positive security signal.

What is Signature Field With Contact Form 7's security score?

Signature Field With Contact Form 7 has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Signature Field With Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/signature-field-with-contact-form-7

Contact Form 7 Signature Addon is a free WordPress plugin.

300 active installs v1.0 PHP + WP 5.5+ Updated May 12, 2025

contact-form-7signature-contact-form-7signature-for-contact-form-7

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Signature Field With Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 92/100

Signature Field With Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The 'signature-field-with-contact-form-7' v1.0 plugin exhibits a strong security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the potential attack surface. Furthermore, the code shows diligent use of prepared statements for all SQL queries and a high percentage of properly escaped output, mitigating risks of SQL injection and Cross-Site Scripting (XSS). The lack of external HTTP requests and the absence of critical taint flows further bolster its security. The vulnerability history also indicates a clean record, with no known CVEs, suggesting a commitment to secure development practices.

However, a notable concern arises from the complete lack of nonce checks and capability checks across all entry points. While the current entry points are zero, this absence represents a significant potential vulnerability if new functionalities are added in the future without implementing proper authorization and security tokens. The presence of file operations without explicit mention of sanitization or validation could also pose a risk, depending on the nature of these operations. Overall, the plugin is currently very secure due to its limited functionality and good coding practices, but the lack of built-in authorization mechanisms represents a latent risk for future expansion.

Key Concerns

Missing nonce checks
Missing capability checks

Vulnerabilities

None known

Signature Field With Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Signature Field With Contact Form 7 Release Timeline

No version history available.

Code Analysis

Analyzed Mar 16, 2026

Signature Field With Contact Form 7 Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

7 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

88% escaped8 total outputs

Attack Surface

Signature Field With Contact Form 7 Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 8

actionwpcf7_admin_initincludes\admin.php:2

actionwpcf7_initincludes\frontend.php:2

filterwpcf7_validate_digital_signincludes\frontend.php:67

filterwpcf7_validate_digital_sign*includes\frontend.php:68

filterwpcf7_posted_dataincludes\frontend.php:95

actionwpcf7_enqueue_scriptssignature-field-with-contact-form-7.php:18

actionadmin_initsignature-field-with-contact-form-7.php:27

actionadmin_noticessignature-field-with-contact-form-7.php:39

Maintenance & Trust

Signature Field With Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMay 12, 2025

PHP min version

Downloads3K

Community Trust

Rating60/100

Number of ratings2

Active installs300

Alternatives

Signature Field With Contact Form 7 Alternatives

Digital Signature For Contact Form 7

digital-signature-for-contact-form-7

100

Contact Form 7 Signature Addon making autographs of people who want to get an E-signature in the system. We build too easy to access and use for users …

5K No CVEs

Database Addon for Contact Form 7 – CFDB7

contact-form-cfdb7

Save and manage Contact Form 7 messages. Never lose important data. It is a lightweight contact form 7 database plugin.

600K 7 CVEs

ReCaptcha v2 for Contact Form 7

wpcf7-recaptcha

Adds reCaptcha v2 from Contact Form 7 5.0.5 that was dropped on Contact Form 7 5.1

200K No CVEs

Redirection for Contact Form 7

wpcf7-redirect

Redirect to any page or URL, execute scripts after submission, save data to the database, and unlock additional submission actions for Contact Form 7.

200K 14 CVEs

Conditional Fields for Contact Form 7

cf7-conditional-fields

Adds conditional logic to Contact Form 7.

100K 4 CVEs

Developer Profile

Signature Field With Contact Form 7 Developer Profile

howdytheme

20 plugins · 5K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Signature Field With Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/signature-field-with-contact-form-7/public/js/signature-pad.min.js/wp-content/plugins/signature-field-with-contact-form-7/public/js/design.js/wp-content/plugins/signature-field-with-contact-form-7/public/css/signature-pad.css

Script Paths

/wp-content/plugins/signature-field-with-contact-form-7/public/js/signature-pad.min.js/wp-content/plugins/signature-field-with-contact-form-7/public/js/design.js

Version Parameters

signature-field-with-contact-form-7/public/js/design.js?ver=

HTML / DOM Fingerprints

CSS Classes

pad_backcolorpad_pencolorpad_widthpad_heightpen_widthclear_textmail-tag-tip

Data Attributes

data-tag-part="basetype"data-tag-part="type-suffix"data-tag-part="name"data-tag-part="option"data-tag-option="id:"data-tag-option="class:"+7 more

Shortcode Output

<header class="description-box">
      <h3>digital_sign form tag generator</h3>
      <p>Generate a form-tag for a signature field.</p>
    </header> 
    <div class="control-box">
      <fieldset>
        <legend>
          Field type
        </legend>
        <input type="hidden" data-tag-part="basetype" value="digital_sign" >
        <label>
        <input type="checkbox" data-tag-part="type-suffix" value="*">This is a required field.</label>
      </fieldset> 
      <fieldset>
        <legend>Name</legend>
        <input type="text" data-tag-part="name" pattern="[A-Za-z][A-Za-z0-9_\-]*">
      </fieldset>
      <fieldset >
        <legend>Id</legend>
        <input type="text" data-tag-part="option" data-tag-option="id:" value="">

FAQ