Does ToolTips For Contact Form 7 have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is ToolTips For Contact Form 7 compatible with WordPress 6.7.5?

According to WordPress.org data, ToolTips For Contact Form 7 1.0 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

How often is ToolTips For Contact Form 7 updated?

ToolTips For Contact Form 7 was last updated on May 12, 2025. Frequent updates are generally a positive security signal.

What is ToolTips For Contact Form 7's security score?

ToolTips For Contact Form 7 has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ToolTips For Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/tool-tips-for-contact-form-7

Contact Form 7 Tooltips is Extremely easy Configurable. Each Form Has Own Configuration. So, Each Contact Form 7 Tooltips Can be set Uniquely.

200 active installs v1.0 PHP + WP 5.5+ Updated May 12, 2025

contact-form-7tool-tips-for-contact-form-7

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is ToolTips For Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 92/100

ToolTips For Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "tool-tips-for-contact-form-7" plugin v1.0 exhibits a generally strong security posture based on the provided static analysis. The complete absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests are significant strengths. Furthermore, the high percentage of properly escaped output and the presence of a nonce check are good indicators of secure coding practices. The plugin also has no recorded vulnerabilities, which suggests a history of secure development or diligent patching.

However, the analysis does reveal a potential weakness. While the total attack surface is small, the presence of a shortcode without explicit capability checks is a point of concern. Although the analysis indicates no unprotected entry points and a clean taint analysis, the lack of capability checks on the shortcode means its functionality could be accessed by any logged-in user, regardless of their role or permissions. This is the primary area for improvement.

In conclusion, the plugin is well-written with many secure coding practices in place, evidenced by the lack of critical issues in taint analysis and the absence of known vulnerabilities. The primary weakness lies in the potential for unauthorized access to the shortcode's functionality due to the absence of capability checks. Addressing this single point would significantly enhance the plugin's security.

Key Concerns

Shortcode without capability checks

Vulnerabilities

None known

ToolTips For Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

ToolTips For Contact Form 7 Release Timeline

No version history available.

Code Analysis

Analyzed Mar 16, 2026

ToolTips For Contact Form 7 Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

78 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

85% escaped92 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

ttfcf7_add_tool_tips_type (includes\admin.php:160)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

ToolTips For Contact Form 7 Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[mytooltips] includes\frontend.php:15

WordPress Hooks 6

actionadmin_menuincludes\admin.php:2

actioninitincludes\admin.php:159

filterwpcf7_form_elementsincludes\frontend.php:16

actionwp_footerincludes\frontend.php:33

actionwp_enqueue_scriptstool-tips-for-contact-form-7.php:44

actionadmin_enqueue_scriptstool-tips-for-contact-form-7.php:57

Maintenance & Trust

ToolTips For Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedMay 12, 2025

PHP min version

Downloads2K

Community Trust

Rating100/100

Number of ratings2

Active installs200

Alternatives

ToolTips For Contact Form 7 Alternatives

Database Addon for Contact Form 7 – CFDB7

contact-form-cfdb7

Save and manage Contact Form 7 messages. Never lose important data. It is a lightweight contact form 7 database plugin.

600K 7 CVEs

ReCaptcha v2 for Contact Form 7

wpcf7-recaptcha

Adds reCaptcha v2 from Contact Form 7 5.0.5 that was dropped on Contact Form 7 5.1

200K No CVEs

Redirection for Contact Form 7

wpcf7-redirect

Redirect to any page or URL, execute scripts after submission, save data to the database, and unlock additional submission actions for Contact Form 7.

200K 14 CVEs

Conditional Fields for Contact Form 7

cf7-conditional-fields

Adds conditional logic to Contact Form 7.

100K 4 CVEs

Contact Form 7 – Dynamic Text Extension

contact-form-7-dynamic-text-extension

Extends Contact Form 7 by adding dynamic form fields that accepts shortcodes to prepopulate form fields with default values and dynamic placeholders.

100K 1 unpatched

Developer Profile

ToolTips For Contact Form 7 Developer Profile

howdytheme

20 plugins · 5K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect ToolTips For Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/tool-tips-for-contact-form-7/admin/css/design.css/wp-content/plugins/tool-tips-for-contact-form-7/admin/js/wp-color-picker-alpha.js/wp-content/plugins/tool-tips-for-contact-form-7/public/js/design.js/wp-content/plugins/tool-tips-for-contact-form-7/public/js/popper.min.js/wp-content/plugins/tool-tips-for-contact-form-7/public/js/tippy-bundle.umd.js

Script Paths

/wp-content/plugins/tool-tips-for-contact-form-7/public/js/popper.min.js/wp-content/plugins/tool-tips-for-contact-form-7/public/js/tippy-bundle.umd.js/wp-content/plugins/tool-tips-for-contact-form-7/public/js/design.js/wp-content/plugins/tool-tips-for-contact-form-7/admin/js/wp-color-picker-alpha.js

Version Parameters

tool-tips-for-contact-form-7/public/js/popper.min.js?ver=tool-tips-for-contact-form-7/public/js/tippy-bundle.umd.js?ver=tool-tips-for-contact-form-7/public/js/design.js?ver=tool-tips-for-contact-form-7/admin/js/wp-color-picker-alpha.js?ver=tool-tips-for-contact-form-7/admin/css/design.css?ver=

HTML / DOM Fingerprints

CSS Classes

ttfcf7_common_link

Data Attributes

custom_shortcodedata-tippy-placementdata-tippy-maxWidthdata-tippy-arrowdata-tippy-triggerdata-tippy-offset

JS Globals

jQuery( function() { jQuery( ".color-picker" ).wpColorPicker(); } );

Shortcode Output

<span class="mytooltips" custom_shortcode="data-tippy-placement="auto"data-tippy-maxWidth="data-tippy-arrow="

FAQ