WP-Safety

Ultra Addons for Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/ultimate-addons-for-contact-form-7

50+ Essential Addons for Contact Form 7 - Conditional Fields, Multi Step, Redirection, Columns, WooCommerce, Mailchimp & more

60K active installs v3.5.41 PHP 7.4+ WP 4.2+ Updated Apr 9, 2026
contact-formcontact-form-7custom-formform-builderforms
82
B · Generally Safe
CVEs total14
Unpatched0
Last CVEMar 14, 2026
Plugin page Download
Safety Verdict

Is Ultra Addons for Contact Form 7 Safe to Use in 2026?

Mostly Safe

Score 82/100

Ultra Addons for Contact Form 7 is generally safe to use. 14 past CVEs were resolved.

14 known CVEsLast CVE: Mar 14, 2026Updated 1mo ago
Risk Assessment

The "ultimate-addons-for-contact-form-7" plugin v3.5.38 presents a mixed security posture. While it demonstrates good practices like a high percentage of SQL prepared statements and proper output escaping, several areas raise concerns. The static analysis reveals a substantial attack surface, with 10 out of 40 entry points lacking authentication checks. This is exacerbated by four instances of the dangerous `unserialize` function, which can lead to remote code execution if not handled with extreme care. The taint analysis further highlights critical risks, with four high-severity flows indicating potential vulnerabilities where user-controlled input is not properly sanitized before being used in sensitive operations. The plugin's history of 13 CVEs, including a past critical vulnerability, is a significant red flag. Although there are currently no unpatched CVEs, the prevalence of past vulnerabilities in common types like missing authorization and SQL injection suggests recurring security weaknesses. The presence of bundled libraries like Select2 and TCPDF also warrants attention, as these could introduce their own vulnerabilities if outdated or misconfigured. In conclusion, while the plugin shows effort in secure coding, the combination of a large unprotected attack surface, potentially dangerous functions, concerning taint flows, and a history of numerous vulnerabilities necessitates careful consideration and vigilant monitoring.

Key Concerns

  • 10 AJAX handlers without auth checks
  • 4 instances of 'unserialize' function
  • 4 high severity taint flows
  • 13 total known CVEs historically
  • 1 critical past vulnerability
  • Bundled libraries (Select2, TCPDF)
Vulnerabilities
14 published

Ultra Addons for Contact Form 7 Security Vulnerabilities

CVEs by Year

8 CVEs in 2023
2023
5 CVEs in 2025
2025
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Critical
1
High
4
Medium
9

14 total CVEs

CVE-2026-32460medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ultra Addons for Contact Form 7 <= 3.5.36 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 14, 2026 Patched in 3.5.37 (6d)
CVE-2026-24945medium · 5.3Missing Authorization

Ultimate Addons for Contact Form 7 <= 3.5.34 - Missing Authorization

Dec 13, 2025 Patched in 3.5.35 (60d)
CVE-2025-14356medium · 4.3Authorization Bypass Through User-Controlled Key

Ultra Addons for Contact Form 7 <= 3.5.33 - Missing Authorization to Authenticated (Subscriber+) to Generate Form Submission PDF

Dec 11, 2025 Patched in 3.5.34 (1d)
CVE-2025-6756medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ultra Addons for Contact Form 7 <= 3.5.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via UACF7_CUSTOM_FIELDS Shortcode

Jun 30, 2025 Patched in 3.5.22 (1d)
CVE-2025-6212high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ultra Addons for Contact Form 7 3.5.11 - 3.5.19 - Unauthenticated Stored Cross-Site Scripting via Database module

Jun 25, 2025 Patched in 3.5.20 (1d)
CVE-2025-6220high · 7.2Unrestricted Upload of File with Dangerous Type

Ultimate Addons for Contact Form 7 <= 3.5.12 - Authenticated (Administrator+) Arbitrary File Upload via 'save_options'

Jun 17, 2025 Patched in 3.5.13 (1d)
CVE-2023-49766medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ultimate Addons for Contact Form 7 <= 3.2.0 - Reflected Cross-Site Scripting

Dec 4, 2023 Patched in 3.2.1 (50d)
CVE-2023-47693medium · 5.3Missing Authorization

Ultimate Addons for Contact Form 7 <= 3.2.10 - Missing Authorization

Nov 9, 2023 Patched in 3.2.11 (75d)
CVE-2023-30493medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ultimate Addons for Contact Form 7 <= 3.1.0 - Reflected Cross-Site Scripting via 'page'

Aug 28, 2023 Patched in 3.1.2 (148d)
CVE-2023-2803medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ultimate Addons for Contact Form 7 <= 3.1.28 - Reflected Cross-Site Scripting

Jul 24, 2023 Patched in 3.1.29 (183d)
CVE-2023-2802medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ultimate Addons for Contact Form 7 <= 3.1.28 - Authenticated (Admin+) Stored Cross-Site Scripting

Jul 24, 2023 Patched in 3.1.29 (183d)
CVE-2023-1615high · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Ultimate Addons for Contact Form 7 <= 3.1.23 - Authenticated(Subscriber+) SQL Injection

Jun 8, 2023 Patched in 3.1.24 (229d)
CVE-2022-47586critical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Ultimate Addons for Contact Form 7 <= 3.1.23 - Unauthenticated SQL Injection via form_id

May 9, 2023 Patched in 3.1.24 (259d)
CVE-2023-30495high · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Ultimate Addons for Contact Form 7 <= 3.1.23 - Authenticated (Subscriber+) SQL Injection via id

Apr 24, 2023 Patched in 3.1.24 (274d)
Version History

Ultra Addons for Contact Form 7 Release Timeline

v3.5.41Current
v3.5.40
v3.5.39
v3.5.38
v3.5.37
v3.5.361 CVE
CVE-2026-32460
v3.5.351 CVE
CVE-2026-32460
v3.5.342 CVEs
CVE-2026-24945 CVE-2026-32460
v3.5.333 CVEs
CVE-2026-24945 CVE-2026-32460 CVE-2025-14356
v3.5.323 CVEs
CVE-2026-24945 CVE-2026-32460 CVE-2025-14356
v3.5.313 CVEs
CVE-2026-24945 CVE-2026-32460 CVE-2025-14356
v3.5.303 CVEs
CVE-2026-24945 CVE-2026-32460 CVE-2025-14356
v3.5.293 CVEs
CVE-2026-24945 CVE-2026-32460 CVE-2025-14356
v3.5.283 CVEs
CVE-2026-24945 CVE-2026-32460 CVE-2025-14356
v3.5.273 CVEs
CVE-2026-24945 CVE-2026-32460 CVE-2025-14356
v3.5.263 CVEs
CVE-2026-24945 CVE-2026-32460 CVE-2025-14356
v3.5.253 CVEs
CVE-2026-24945 CVE-2026-32460 CVE-2025-14356
v3.5.243 CVEs
CVE-2026-24945 CVE-2026-32460 CVE-2025-14356
v3.5.233 CVEs
CVE-2026-24945 CVE-2026-32460 CVE-2025-14356
v3.5.223 CVEs
CVE-2026-24945 CVE-2026-32460 CVE-2025-14356
Code Analysis
Analyzed Mar 16, 2026

Ultra Addons for Contact Form 7 Code Analysis

Dangerous Functions
4
Raw SQL Queries
8
28 prepared
Unescaped Output
352
1108 escaped
Nonce Checks
30
Capability Checks
21
File Operations
8
External Requests
9
Bundled Libraries
2

Dangerous Functions Found

unserialize$addr = unserialize( $addr_body );addons\spam-protection\ultimate-spam-protection.php:306
unserialize$mapdata = unserialize( $mapdata );admin\tf-options\fields\map\UACF7_map.php:18
unserialize$data = unserialize( $tf_rep_value );admin\tf-options\fields\repeater\UACF7_repeater.php:26
unserialize$data = ( ! is_array( $this->value ) ) ? unserialize( $this->value ) : $this->value;admin\tf-options\fields\tab\UACF7_tab.php:44

Bundled Libraries

Select2TCPDF

SQL Query Safety

78% prepared36 total queries

Output Escaping

76% escaped1460 total outputs
Data Flows · Security
5 unsanitized

Data Flow Analysis

11 flows5 with unsanitized paths
uacf7_create_database_page (addons\database\database.php:410)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
10 unprotected

Ultra Addons for Contact Form 7 Attack Surface

Entry Points40
Unprotected10

AJAX Handlers 34

authwp_ajax_uacf7_ajax_database_popupaddons\database\database.php:24
authwp_ajax_uacf7dp_get_table_dataaddons\database\database.php:36
noprivwp_ajax_uacf7dp_get_table_dataaddons\database\database.php:37
authwp_ajax_uacf7dp_view_table_dataaddons\database\database.php:40
noprivwp_ajax_uacf7dp_view_table_dataaddons\database\database.php:41
authwp_ajax_uacf7dp_deleted_table_datasaddons\database\database.php:43
authwp_ajax_uacf7dp_bulk_deleted_table_datasaddons\database\database.php:44
authwp_ajax_uacf7_ajax_database_export_csvaddons\database\database.php:52
authwp_ajax_uacf7_form_generator_aiaddons\form-generator-ai\form-generator-ai.php:23
authwp_ajax_uacf7_form_generator_ai_get_tagaddons\form-generator-ai\form-generator-ai.php:26
authwp_ajax_uacf7_ajax_mailchimpaddons\mailchimp\mailchimp.php:17
authwp_ajax_check_fields_validationaddons\multistep\multistep.php:16
noprivwp_ajax_check_fields_validationaddons\multistep\multistep.php:17
authwp_ajax_uacf7_get_generated_pdfaddons\pdf-generator\pdf-generator.php:21
authwp_ajax_uacf7_ajax_pre_populate_redirectaddons\pre-populate-field\pre-populate-field.php:16
noprivwp_ajax_uacf7_ajax_pre_populate_redirectaddons\pre-populate-field\pre-populate-field.php:17
authwp_ajax_uacf7_update_submission_idaddons\submission-id\ultimate-submission-id.php:18
noprivwp_ajax_uacf7_update_submission_idaddons\submission-id\ultimate-submission-id.php:19
authwp_ajax_uacf7_options_saveadmin\tf-options\classes\UACF7_Settings.php:36
authwp_ajax_uacf7_themefic_manage_pluginadmin\tf-options\classes\UACF7_Settings.php:38
authwp_ajax_uacf7_option_importadmin\tf-options\TF_Options.php:41
authwp_ajax_tf_black_friday_notice_dismiss_callbackinc\class-promo-notice.php:63
authwp_ajax_uacf7_promo_side_notice_cf7_dismiss_callbackinc\class-promo-notice.php:84
authwp_ajax_uacf7_dashboard_widget_dismissinc\class-promo-notice.php:98
authwp_ajax_uacf7_onclick_ajax_activate_plugininc\class-setup-wizard.php:32
authwp_ajax_uacf7_form_generator_ai_quick_startinc\class-setup-wizard.php:33
authwp_ajax_uacf7_form_quick_create_forminc\class-setup-wizard.php:34
authwp_ajax_contact_form_7_ajax_install_plugininc\class-setup-wizard.php:37
authwp_ajax_uacf7_review_notice_callbackinc\functions.php:506
authwp_ajax_uacf7_install_hydra_bookinginc\functions.php:1276
authwp_ajax_uacf7_dismiss_booking_pro_noticeinc\functions.php:1328
authwp_ajax_install_hydrabookinginc\functions.php:1843
authwp_ajax_activate_hydrabookinginc\functions.php:1862
authwp_ajax_uacf7_set_modal_showninc\functions.php:1873

Shortcodes 6

[UACF7_URL] addons\dynamic-text\inc\shortcode.php:45
[UACF7_URL_WITH_PERAMETERS] addons\dynamic-text\inc\shortcode.php:57
[UACF7_BLOGINFO] addons\dynamic-text\inc\shortcode.php:72
[UACF7_POSTINFO] addons\dynamic-text\inc\shortcode.php:91
[UACF7_USERINFO] addons\dynamic-text\inc\shortcode.php:110
[UACF7_CUSTOM_FIELDS] addons\dynamic-text\inc\shortcode.php:148
WordPress Hooks 169
actionadmin_enqueue_scriptsaddons\column\column.php:16
actionwp_enqueue_scriptsaddons\column\column.php:19
actionwpcf7_initaddons\column\column.php:20
actionadmin_initaddons\column\column.php:21
filterwpcf7_contact_form_propertiesaddons\column\column.php:22
filterwpcf7_contact_form_propertiesaddons\column\column.php:23
actionadmin_enqueue_scriptsaddons\conditional-field\conditional-fields.php:19
actionwp_enqueue_scriptsaddons\conditional-field\conditional-fields.php:23
actionwpcf7_initaddons\conditional-field\conditional-fields.php:24
actionadmin_initaddons\conditional-field\conditional-fields.php:25
filterwpcf7_contact_form_propertiesaddons\conditional-field\conditional-fields.php:28
actionwpcf7_form_hidden_fieldsaddons\conditional-field\conditional-fields.php:30
filterwpcf7_posted_dataaddons\conditional-field\conditional-fields.php:32
filterwpcf7_validateaddons\conditional-field\conditional-fields.php:33
actionwpcf7_validate_checkbox*addons\conditional-field\conditional-fields.php:35
filterwpcf7_validate_file*addons\conditional-field\conditional-fields.php:37
filterwpcf7_validate_multifile*addons\conditional-field\conditional-fields.php:38
actionwpcf7_config_validator_validateaddons\conditional-field\conditional-fields.php:40
actionwpcf7_before_send_mailaddons\conditional-field\conditional-fields.php:42
filteruacf7_post_meta_optionsaddons\conditional-field\conditional-fields.php:44
filteruacf7_pdf_generator_replace_condition_dataaddons\conditional-field\conditional-fields.php:45
actionwpcf7_initaddons\country-dropdown\country-dropdown.php:15
actionadmin_initaddons\country-dropdown\country-dropdown.php:17
filterwpcf7_validate_uacf7_country_dropdownaddons\country-dropdown\country-dropdown.php:19
filterwpcf7_validate_uacf7_country_dropdown*addons\country-dropdown\country-dropdown.php:21
actionwp_enqueue_scriptsaddons\country-dropdown\country-dropdown.php:23
actionadmin_enqueue_scriptsaddons\database\database.php:21
actionwpcf7_before_send_mailaddons\database\database.php:22
actionadmin_menuaddons\database\database.php:23
actionadmin_initaddons\database\database.php:26
actionadmin_initaddons\database\database.php:32
actionadmin_enqueue_scriptsaddons\database\database.php:34
filteruacf7dp_send_form_data_before_insertaddons\database\database.php:49
filteruacf7dp_column_default_fieldsaddons\database\inc\functions.php:22
actionadmin_enqueue_scriptsaddons\dynamic-text\dynamic-text.php:13
actionwpcf7_initaddons\dynamic-text\dynamic-text.php:15
actionadmin_initaddons\dynamic-text\dynamic-text.php:17
filterwpcf7_validate_uacf7_dynamic_textaddons\dynamic-text\dynamic-text.php:19
filterwpcf7_validate_uacf7_dynamic_text*addons\dynamic-text\dynamic-text.php:21
actionadmin_enqueue_scriptsaddons\form-generator-ai\form-generator-ai.php:16
actionwpcf7_admin_footeraddons\form-generator-ai\form-generator-ai.php:20
filterwpcf7_contact_form_propertiesaddons\form-generator-ai\form-generator-ai.php:29
actionwpcf7_before_send_mailaddons\mailchimp\mailchimp.php:13
filteruacf7_post_meta_optionsaddons\mailchimp\mailchimp.php:14
filteruacf7_settings_optionsaddons\mailchimp\mailchimp.php:15
actionadmin_enqueue_scriptsaddons\mailchimp\mailchimp.php:16
actionwp_enqueue_scriptsaddons\multistep\multistep.php:14
actionadmin_initaddons\multistep\multistep.php:15
filterwpcf7_contact_formaddons\multistep\multistep.php:21
filteruacf7_post_meta_optionsaddons\multistep\multistep.php:22
filteruacf7_post_meta_options_multistep_proaddons\multistep\multistep.php:23
filteruacf7_multistep_steps_namesaddons\multistep\multistep.php:24
filteruacf7_multistep_step_titleaddons\multistep\multistep.php:25
actionadmin_enqueue_scriptsaddons\pdf-generator\pdf-generator.php:18
filterwpcf7_mail_componentsaddons\pdf-generator\pdf-generator.php:19
actionwpcf7_mail_sentaddons\pdf-generator\pdf-generator.php:23
filteruacf7_post_meta_optionsaddons\pdf-generator\pdf-generator.php:25
filteruacf7_post_meta_import_exportaddons\pdf-generator\pdf-generator.php:26
filterwpcf7_ajax_json_echoaddons\pdf-generator\pdf-generator.php:38
actionadmin_enqueue_scriptsaddons\placeholder\placeholder.php:12
filterwpcf7_contact_form_propertiesaddons\placeholder\placeholder.php:13
filteruacf7_post_meta_optionsaddons\placeholder\placeholder.php:14
actionwp_enqueue_scriptsaddons\pre-populate-field\pre-populate-field.php:15
filteruacf7_post_meta_optionsaddons\pre-populate-field\pre-populate-field.php:18
actionwpcf7_initaddons\product-dropdown\product-dropdown.php:13
actionadmin_initaddons\product-dropdown\product-dropdown.php:14
filterwpcf7_validate_uacf7_product_dropdownaddons\product-dropdown\product-dropdown.php:15
filterwpcf7_validate_uacf7_product_dropdown*addons\product-dropdown\product-dropdown.php:16
actionadmin_enqueue_scriptsaddons\product-dropdown\product-dropdown.php:17
actionwpcf7_initaddons\range-slider\range-slider.php:22
actionadmin_initaddons\range-slider\range-slider.php:23
actionwpcf7_contact_form_propertiesaddons\range-slider\range-slider.php:24
actionwp_enqueue_scriptsaddons\range-slider\range-slider.php:25
filteruacf7_post_meta_optionsaddons\range-slider\range-slider.php:26
actionwp_enqueue_scriptsaddons\redirection\redirect.php:22
actionwpcf7_submitaddons\redirection\redirect.php:24
filteruacf7_post_meta_optionsaddons\redirection\redirect.php:25
actionwpcf7_editor_panelsaddons\signature\inc\signature.php:18
actionwpcf7_after_saveaddons\signature\inc\signature.php:19
actionwp_enqueue_scriptsaddons\signature\ultimate-signature.php:13
actionadmin_initaddons\signature\ultimate-signature.php:15
actionwpcf7_initaddons\signature\ultimate-signature.php:16
filterwpcf7_validate_uacf7_signatureaddons\signature\ultimate-signature.php:18
filterwpcf7_validate_uacf7_signature*addons\signature\ultimate-signature.php:19
filteruacf7_post_meta_optionsaddons\signature\ultimate-signature.php:21
actionwpcf7_initaddons\spam-protection\ultimate-spam-protection.php:10
actionadmin_initaddons\spam-protection\ultimate-spam-protection.php:11
filteruacf7_post_meta_optionsaddons\spam-protection\ultimate-spam-protection.php:12
actionwp_enqueue_scriptsaddons\spam-protection\ultimate-spam-protection.php:13
actionwp_enqueue_scriptsaddons\star-rating\star-rating.php:11
actionwpcf7_initaddons\star-rating\star-rating.php:12
actionwpcf7_swv_create_schemaaddons\star-rating\star-rating.php:13
actionadmin_initaddons\star-rating\star-rating.php:14
filterwpcf7_contact_form_propertiesaddons\styler\uacf7style.php:12
filteruacf7_post_meta_optionsaddons\styler\uacf7style.php:13
actionadmin_initaddons\submission-id\inc\submission-id.php:12
filtertf_metabox_before_save_optionaddons\submission-id\inc\submission-id.php:13
actionwp_enqueue_scriptsaddons\submission-id\ultimate-submission-id.php:14
actionadmin_initaddons\submission-id\ultimate-submission-id.php:16
actionwpcf7_initaddons\submission-id\ultimate-submission-id.php:17
filterwpcf7_mail_componentsaddons\submission-id\ultimate-submission-id.php:22
actionuacf7_submission_id_insertaddons\submission-id\ultimate-submission-id.php:25
filteruacf7_post_meta_optionsaddons\submission-id\ultimate-submission-id.php:27
actionwpcf7_before_send_mailaddons\submission-id\ultimate-submission-id.php:29
actionwpcf7_before_send_mailaddons\telegram\ultimate-telegram.php:15
actionadmin_enqueue_scriptsaddons\telegram\ultimate-telegram.php:16
filteruacf7_post_meta_optionsaddons\telegram\ultimate-telegram.php:17
actionadmin_enqueue_scriptsaddons\web-hook\web-hook.php:12
filteruacf7_post_meta_optionsaddons\web-hook\web-hook.php:14
actionwpcf7_before_send_mailaddons\web-hook\web-hook.php:16
actionadmin_menuadmin\admin-menu.php:9
actionadd_meta_boxesadmin\tf-options\classes\UACF7_Metabox.php:21
actionwpcf7_admin_footeradmin\tf-options\classes\UACF7_Metabox.php:25
actionsave_postadmin\tf-options\classes\UACF7_Metabox.php:28
actionadmin_menuadmin\tf-options\classes\UACF7_Settings.php:30
actionadmin_initadmin\tf-options\classes\UACF7_Settings.php:33
actionadmin_footeradmin\tf-options\fields\icon\UACF7_icon.php:14
actionadmin_enqueue_scriptsadmin\tf-options\TF_Options.php:36
actionadmin_enqueue_scriptsadmin\tf-options\TF_Options.php:37
actionswitch_themeinc\app\src\Insights.php:135
actionswitch_themeinc\app\src\Insights.php:136
actionadmin_footerinc\app\src\Insights.php:146
actionadmin_noticesinc\app\src\Insights.php:161
actionadmin_initinc\app\src\Insights.php:164
filtercron_schedulesinc\app\src\Insights.php:168
actionadmin_menuinc\app\src\License.php:219
actionafter_switch_themeinc\app\src\License.php:781
actionswitch_themeinc\app\src\License.php:782
filterpre_set_site_transient_update_pluginsinc\app\src\Updater.php:51
filterplugins_apiinc\app\src\Updater.php:52
filterpre_set_site_transient_update_themesinc\app\src\Updater.php:61
filteruacf7_dashboard_helper_bannerinc\class-helper-banner.php:12
actionadmin_footerinc\class-helper-banner.php:13
filtercron_schedulesinc\class-promo-notice.php:45
actionuacf7_promo__schudleinc\class-promo-notice.php:51
actionadmin_noticesinc\class-promo-notice.php:62
actionwpcf7_admin_misc_pub_sectioninc\class-promo-notice.php:83
actioninitinc\class-promo-notice.php:97
actionwp_dashboard_setupinc\class-promo-notice.php:111
actionadmin_menuinc\class-setup-wizard.php:29
filteruacf7_settings_optionsinc\class-setup-wizard.php:30
actionadmin_initinc\class-setup-wizard.php:31
actionin_admin_headerinc\class-setup-wizard.php:35
filteruacf7_post_meta_optionsinc\functions.php:34
filteruacf7_settingsinc\functions.php:104
actionuacf7_multistep_pro_featuresinc\functions.php:180
actionuacf7_multistep_before_forminc\functions.php:281
filterwpcf7_contact_form_propertiesinc\functions.php:351
actionadmin_initinc\functions.php:392
actionadmin_noticesinc\functions.php:483
actionadmin_initinc\functions.php:1231
actionadmin_noticesinc\functions.php:1474
actionadmin_noticesinc\functions.php:1480
actionadmin_initinc\functions.php:1481
actionadmin_noticesinc\functions.php:1482
actionadmin_initinc\functions.php:1483
actionwpcf7_before_send_mailinc\functions.php:1661
actionadmin_footerinc\functions.php:1694
actionadmin_noticesinc\functions.php:1877
actionadmin_initinc\functions.php:1878
actionadmin_noticesinc\functions.php:1879
actionadmin_initinc\functions.php:1880
actionwpcf7_after_createinc\functions.php:2047
actioninitultimate-addons-for-contact-form-7.php:40
filterwpcf7_autop_or_notultimate-addons-for-contact-form-7.php:43
actionadmin_enqueue_scriptsultimate-addons-for-contact-form-7.php:49
actionadmin_enqueue_scriptsultimate-addons-for-contact-form-7.php:63
actionwp_enqueue_scriptsultimate-addons-for-contact-form-7.php:64
actionadmin_noticesultimate-addons-for-contact-form-7.php:76

Scheduled Events 1

uacf7_promo__schudle
Maintenance & Trust

Ultra Addons for Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 9, 2026
PHP min version7.4
Downloads2.1M

Community Trust

Rating96/100
Number of ratings102
Active installs60K
Alternatives

Ultra Addons for Contact Form 7 Alternatives

Origami For Contact Form 7 – Visual Form Progress

Origami For Contact Form 7 – Visual Form Progress

origami-for-contact-form-7

A
92

Tired of boring forms? Enhance your Contact Form 7 with interactive origami animations, making form-filling fun and engaging!

0 No CVEs
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

wpforms-lite

A
88

The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.

6.0M 16 CVEs
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

fluentform

B
82

Get a fast contact form plugin. Create advanced forms using drag and drop form builder with all smart features.

700K 33 CVEs
SureForms – Contact Form, Payment Form & Other Custom Form Builder

SureForms – Contact Form, Payment Form & Other Custom Form Builder

sureforms

A
88

The most beginner-friendly AI Form Builder for WordPress. Create contact, payment, quiz & custom forms with advanced features in minutes.

500K 16 CVEs
Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder

Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder

everest-forms

B
77

The best WordPress form builder. Create contact forms, payment forms, conversational forms, custom forms, surveys, & quizzes using drag and drop.

100K 15 CVEs
Developer Profile

Ultra Addons for Contact Form 7 Developer Profile

Themefic

11 plugins · 97K total installs

83
trust score
Avg Security Score
93/100
Avg Patch Time
85 days
View full developer profile
Detection Fingerprints

How We Detect Ultra Addons for Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ultimate-addons-for-contact-form-7/assets/css/admin-style.css/wp-content/plugins/ultimate-addons-for-contact-form-7/assets/js/admin-script.js/wp-content/plugins/ultimate-addons-for-contact-form-7/assets/app/libs/notyf/notyf.min.css/wp-content/plugins/ultimate-addons-for-contact-form-7/assets/app/libs/notyf/notyf.min.js/wp-content/plugins/ultimate-addons-for-contact-form-7/assets/css/uacf7-frontend.css/wp-content/plugins/ultimate-addons-for-contact-form-7/assets/css/form-style.css
Script Paths
/wp-content/plugins/ultimate-addons-for-contact-form-7/assets/js/admin-script.js/wp-content/plugins/ultimate-addons-for-contact-form-7/assets/app/libs/notyf/notyf.min.js
Version Parameters
ultimate-addons-for-contact-form-7/assets/app/libs/notyf/notyf.min.css?ver=ultimate-addons-for-contact-form-7/assets/app/libs/notyf/notyf.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
uacf7-admin-styleuacf7-frontend-styleuacf7-form-style
Data Attributes
data-noncedata-uacf7_admin_noncedata-themefic_noncedata-uacf7_admin_params
JS Globals
uacf7_optionsuacf7_admin_datauacf7_admin_params
FAQ

Frequently Asked Questions about Ultra Addons for Contact Form 7