Contact Form 7 Analytics Security & Risk Analysis

wordpress.org/plugins/swp-contact-form-7-analytics

A lightweight system to track Contact Form 7 Events in Google Analytics.

Active installs: 0 · Version: v0.2.0 · PHP + · WP 4.4+ · Updated: Unknown
Tags: cf7, contact-form-7, google-analytics
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never

Safety Verdict

Is Contact Form 7 Analytics Safe to Use in 2026?

Generally Safe

Score 100/100

Contact Form 7 Analytics has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The swp-contact-form-7-analytics plugin v0.2.0 presents a mixed security posture. On the positive side, it utilizes prepared statements for all its SQL queries and has no recorded vulnerability history, suggesting a degree of care in its development and maintenance. The absence of known CVEs is a strong indicator of current security stability.

However, significant concerns arise from the static analysis. The plugin exposes a large attack surface with 36 AJAX handlers, a substantial 24 of which lack authentication checks. This is a critical oversight that could allow unauthenticated users to trigger potentially sensitive operations. Furthermore, the taint analysis reveals 11 flows with unsanitized paths, indicating a potential for injection vulnerabilities, although these are not classified as critical or high severity in this scan. The low rate of output escaping (15%) is another significant weakness, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities.

Overall, while the plugin avoids common pitfalls like raw SQL and known vulnerabilities, the high number of unprotected AJAX endpoints and the prevalence of unsanitized paths in the taint analysis pose substantial risks. The low output escaping rate further exacerbates these concerns. Developers should prioritize addressing the unprotected AJAX handlers and improving output sanitization to strengthen the plugin's security.

Key Concerns

  • 24 unprotected AJAX handlers
  • 11 unsanitized paths in taint analysis
  • 15% of outputs properly escaped
  • Bundled outdated library: Select2 v3.5.2

Vulnerabilities: None known

Contact Form 7 Analytics Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Contact Form 7 Analytics Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (17 prepared)
Unescaped Output: 252 (43 escaped)
Nonce Checks: 12
Capability Checks: 7
File Operations: 7
External Requests: 2
Bundled Libraries: 1

Bundled Libraries

Select2 3.5.2

SQL Query Safety

100% prepared (17 total queries)

Output Escaping

15% escaped (295 total outputs)

Data Flows: 11 unsanitized

Data Flow Analysis

13 flows, 11 with unsanitized paths
ajax_move_field (acf\admin\field-group.php:1153)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]

Attack Surface: 24 unprotected

Contact Form 7 Analytics Attack Surface

Entry Points: 37
Unprotected: 24

AJAX Handlers: 36

auth: wp_ajax_acf/field_group/render_field_settings (acf\admin\field-group.php:39)
auth: wp_ajax_acf/field_group/render_location_value (acf\admin\field-group.php:40)
auth: wp_ajax_acf/field_group/move_field (acf\admin\field-group.php:41)
auth: wp_ajax_acf/admin/db_update (acf\admin\install.php:37)
auth: wp_ajax_acf/update_user_setting (acf\core\ajax.php:34)
nopriv: wp_ajax_acf/update_user_setting (acf\core\ajax.php:35)
auth: wp_ajax_query-attachments (acf\core\media.php:32)
auth: wp_ajax_acf/validate_save_post (acf\core\validation.php:30)
nopriv: wp_ajax_acf/validate_save_post (acf\core\validation.php:31)
auth: wp_ajax_acf/fields/oembed/search (acf\fields\oembed.php:47)
nopriv: wp_ajax_acf/fields/oembed/search (acf\fields\oembed.php:48)
auth: wp_ajax_acf/fields/page_link/query (acf\fields\page_link.php:48)
nopriv: wp_ajax_acf/fields/page_link/query (acf\fields\page_link.php:49)
auth: wp_ajax_acf/fields/post_object/query (acf\fields\post_object.php:49)
nopriv: wp_ajax_acf/fields/post_object/query (acf\fields\post_object.php:50)
auth: wp_ajax_acf/fields/relationship/query (acf\fields\relationship.php:56)
nopriv: wp_ajax_acf/fields/relationship/query (acf\fields\relationship.php:57)
auth: wp_ajax_acf/fields/select/query (acf\fields\select.php:65)
nopriv: wp_ajax_acf/fields/select/query (acf\fields\select.php:66)
auth: wp_ajax_acf/fields/taxonomy/query (acf\fields\taxonomy.php:52)
nopriv: wp_ajax_acf/fields/taxonomy/query (acf\fields\taxonomy.php:53)
auth: wp_ajax_acf/fields/taxonomy/add_term (acf\fields\taxonomy.php:54)
auth: wp_ajax_acf/fields/user/query (acf\fields\user.php:46)
nopriv: wp_ajax_acf/fields/user/query (acf\fields\user.php:47)
auth: wp_ajax_acf/post/get_field_groups (acf\forms\post.php:47)
auth: wp_ajax_acf/fields/clone/query (acf\pro\fields\clone.php:53)
auth: wp_ajax_acf/fields/flexible_content/layout_title (acf\pro\fields\flexible-content.php:59)
nopriv: wp_ajax_acf/fields/flexible_content/layout_title (acf\pro\fields\flexible-content.php:60)
auth: wp_ajax_acf/fields/gallery/get_attachment (acf\pro\fields\gallery.php:61)
nopriv: wp_ajax_acf/fields/gallery/get_attachment (acf\pro\fields\gallery.php:62)
auth: wp_ajax_acf/fields/gallery/update_attachment (acf\pro\fields\gallery.php:64)
nopriv: wp_ajax_acf/fields/gallery/update_attachment (acf\pro\fields\gallery.php:65)
auth: wp_ajax_acf/fields/gallery/get_sort_order (acf\pro\fields\gallery.php:67)
nopriv: wp_ajax_acf/fields/gallery/get_sort_order (acf\pro\fields\gallery.php:68)
auth: wp_ajax_swp_get_title_from_id (part.ajax.php:3)
nopriv: wp_ajax_swp_get_title_from_id (part.ajax.php:4)

Shortcodes 1

[acf] acf\api\api-template.php:977
WordPress Hooks 207
Maintenance & Trust

Contact Form 7 Analytics Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.8.28
Last updated: Unknown
PHP min version
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0

Developer Profile

Contact Form 7 Analytics Developer Profile

hswplugins

2 plugins · 10 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Contact Form 7 Analytics

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/swp-contact-form-7-analytics/js/swp_contact_form_7_analytics.js

HTML / DOM Fingerprints

JS Globals
swpcf7analytics