Sitepact's Contact Form 7 Extension For Klaviyo Security & Risk Analysis

wordpress.org/plugins/sitepact-klaviyo-contact-form-7

Integrate Contact Form 7 with Klaviyo. Automatically add form submissions to predetermined lists and fields in Klaviyo.

600 active installs · v3.1.7 · PHP 7.2+ · WP 6.2+ · Updated May 11, 2025
Tags: contact-form-7, klaviyo, klaviyo-custom-fields, klaviyo-wordpress, newsletter
90 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Feb 15, 2024
Safety Verdict

Is Sitepact's Contact Form 7 Extension For Klaviyo Safe to Use in 2026?

Generally Safe

Score 90/100

Sitepact's Contact Form 7 Extension For Klaviyo has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Feb 15, 2024 · Updated 1yr ago
Risk Assessment

The sitepact-klaviyo-contact-form-7 plugin v3.1.7 exhibits a mixed security posture. On the positive side, static analysis shows sound handling of SQL queries and output: 100% of queries use prepared statements and 100% of outputs are escaped. The absence of directly vulnerable AJAX handlers, REST API routes, shortcodes, and cron events, along with a clean taint analysis showing no unsanitized flows, suggests a well-developed codebase in these areas. The presence of nonce and capability checks further strengthens its security and indicates an awareness of common WordPress vulnerabilities.

However, a significant concern arises from the plugin's vulnerability history. It has a documented critical CVE for SQL injection, which, although currently patched, points to a past weakness in input validation or query construction. The existence of a critical vulnerability, even if resolved, warrants vigilance. Additionally, the plugin makes 6 external HTTP requests, which could be a potential vector for various attacks if not handled securely and if the remote endpoints are compromised.

In conclusion, while the current version of sitepact-klaviyo-contact-form-7 demonstrates strong internal security practices for SQL and output handling, its past critical vulnerability underscores the importance of continuous security monitoring and updates. The external HTTP requests also represent a potential, albeit less severe, area of concern that requires careful management.

Key Concerns

  • Previous critical CVE for SQL Injection
  • External HTTP requests made by plugin
Vulnerabilities
1 published

Sitepact's Contact Form 7 Extension For Klaviyo Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Critical: 1

1 total CVE

CVE-2024-25928 · critical · 9.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Sitepact's Contact Form 7 Extension For Klaviyo <= 1.0.5 - Unauthenticated SQL Injection

Feb 15, 2024 Patched in 3.0.0 (140d)
Version History

Sitepact's Contact Form 7 Extension For Klaviyo Release Timeline

v3.1.7 (Current)
v3.1.1
v3.1.0
v3.0.21
v3.0.1
v3.0.0
Code Analysis
Analyzed Mar 16, 2026

Sitepact's Contact Form 7 Extension For Klaviyo Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (22 prepared)
Unescaped Output: 0 (113 escaped)
Nonce Checks: 6
Capability Checks: 3
File Operations: 0
External Requests: 6
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

100% prepared · 22 total queries

Output Escaping

100% escaped · 113 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

1 flow
<manage-logs> (admin\templates\manage-logs.php:0)
Attack Surface

Sitepact's Contact Form 7 Extension For Klaviyo Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers 2

auth · wp_ajax_fetch_klaviyo_lists · functions\admin-form-handler.php:35
auth · wp_ajax_change_integration_status · functions\admin-form-handler.php:56
WordPress Hooks 14
action · admin_menu · admin\admin-ui-setup.php:25
action · admin_enqueue_scripts · admin\admin-ui-setup.php:26
filter · wpcf7_editor_panels · admin\admin-ui-setup.php:27
action · wp_enqueue_scripts · admin\basic-setup.php:25
action · plugins_loaded · admin\basic-setup.php:56
filter · plugin_row_meta · admin\basic-setup.php:74
action · admin_notices · admin\basic-setup.php:94
action · admin_init · admin\basic-setup.php:118
action · admin_menu · admin\dashboard\dashboard.php:3
action · admin_enqueue_scripts · admin\dashboard\dashboard.php:4
action · wpcf7_save_contact_form · functions\cf7.php:14
action · wpcf7_init · functions\cf7.php:15
action · wpcf7_mail_sent · functions\cf7.php:16
filter · do_shortcode_tag · functions\cf7.php:289
Maintenance & Trust

Sitepact's Contact Form 7 Extension For Klaviyo Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: May 11, 2025
PHP min version: 7.2
Downloads: 10K

Community Trust

Rating: 80/100
Number of ratings: 4
Active installs: 600
Developer Profile

Sitepact's Contact Form 7 Extension For Klaviyo Developer Profile

Sitepact

2 plugins · 600 total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 140 days
Detection Fingerprints

How We Detect Sitepact's Contact Form 7 Extension For Klaviyo

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sitepact-klaviyo-contact-form-7/includes/assets/css/custom_bootstrap.css
/wp-content/plugins/sitepact-klaviyo-contact-form-7/includes/assets/js/klcf-init.js
Script Paths
/wp-content/plugins/sitepact-klaviyo-contact-form-7/includes/assets/js/klcf-init.js
Version Parameters
sitepact-klaviyo-contact-form-7/includes/assets/css/custom_bootstrap.css?ver=
sitepact-klaviyo-contact-form-7/includes/assets/js/klcf-init.js?ver=

HTML / DOM Fingerprints

CSS Classes
klcf-nav-tab
klcf-nav-tab-active
HTML Comments
<!-- Klaviyo Integration Settings -->
Data Attributes
data-klcf-nonce
klcf_nonce
JS Globals
main_klcf_script_ajax_object
FAQ

Frequently Asked Questions about Sitepact's Contact Form 7 Extension For Klaviyo