Does Ultra Addons for Contact Form 7 have any unpatched vulnerabilities?

No. All known vulnerabilities in Ultra Addons for Contact Form 7 have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Ultra Addons for Contact Form 7 compatible with WordPress 6.9.4?

According to WordPress.org data, Ultra Addons for Contact Form 7 3.5.38 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Ultra Addons for Contact Form 7 compatible with PHP 7.4+?

Ultra Addons for Contact Form 7 requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Ultra Addons for Contact Form 7 updated?

Ultra Addons for Contact Form 7 was last updated on Mar 11, 2026. Frequent updates are generally a positive security signal.

What is Ultra Addons for Contact Form 7's security score?

Ultra Addons for Contact Form 7 has a WP-Safety security score of 82/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Ultra Addons for Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/ultimate-addons-for-contact-form-7

50+ Essential Addons for Contact Form 7 - Conditional Fields, Multi Step, Redirection, Columns, WooCommerce, Mailchimp & more

60K active installs v3.5.38 PHP 7.4+ WP 4.2+ Updated Mar 11, 2026

contact-formcontact-form-7custom-formform-builderforms

B · Generally Safe

CVEs total13

Unpatched0

Last CVEDec 13, 2025

Plugin page Download

Safety Verdict

Is Ultra Addons for Contact Form 7 Safe to Use in 2026?

Mostly Safe

Score 82/100

Ultra Addons for Contact Form 7 is generally safe to use. 13 past CVEs were resolved. Keep it updated.

13 known CVEsLast CVE: Dec 13, 2025Updated 23d ago

Risk Assessment

The "ultimate-addons-for-contact-form-7" plugin v3.5.38 presents a mixed security posture. While it demonstrates good practices like a high percentage of SQL prepared statements and proper output escaping, several areas raise concerns. The static analysis reveals a substantial attack surface, with 10 out of 40 entry points lacking authentication checks. This is exacerbated by four instances of the dangerous `unserialize` function, which can lead to remote code execution if not handled with extreme care. The taint analysis further highlights critical risks, with four high-severity flows indicating potential vulnerabilities where user-controlled input is not properly sanitized before being used in sensitive operations. The plugin's history of 13 CVEs, including a past critical vulnerability, is a significant red flag. Although there are currently no unpatched CVEs, the prevalence of past vulnerabilities in common types like missing authorization and SQL injection suggests recurring security weaknesses. The presence of bundled libraries like Select2 and TCPDF also warrants attention, as these could introduce their own vulnerabilities if outdated or misconfigured. In conclusion, while the plugin shows effort in secure coding, the combination of a large unprotected attack surface, potentially dangerous functions, concerning taint flows, and a history of numerous vulnerabilities necessitates careful consideration and vigilant monitoring.

Key Concerns

10 AJAX handlers without auth checks
4 instances of 'unserialize' function
4 high severity taint flows
13 total known CVEs historically
1 critical past vulnerability
Bundled libraries (Select2, TCPDF)

Vulnerabilities

Ultra Addons for Contact Form 7 Security Vulnerabilities

CVEs by Year

8 CVEs in 2023

2023

5 CVEs in 2025

2025

Patched Has unpatched

Severity Breakdown

Critical

High

Medium

13 total CVEs

CVE-2026-24945medium · 5.3Missing Authorization

Ultimate Addons for Contact Form 7 <= 3.5.34 - Missing Authorization

Dec 13, 2025 Patched in 3.5.35 (60d)

CVE-2025-14356medium · 4.3Authorization Bypass Through User-Controlled Key

Ultra Addons for Contact Form 7 <= 3.5.33 - Missing Authorization to Authenticated (Subscriber+) to Generate Form Submission PDF

Dec 11, 2025 Patched in 3.5.34 (1d)

CVE-2025-6756medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ultra Addons for Contact Form 7 <= 3.5.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via UACF7_CUSTOM_FIELDS Shortcode

Jun 30, 2025 Patched in 3.5.22 (1d)

CVE-2025-6212high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ultra Addons for Contact Form 7 3.5.11 - 3.5.19 - Unauthenticated Stored Cross-Site Scripting via Database module

Jun 25, 2025 Patched in 3.5.20 (1d)

CVE-2025-6220high · 7.2Unrestricted Upload of File with Dangerous Type

Ultimate Addons for Contact Form 7 <= 3.5.12 - Authenticated (Administrator+) Arbitrary File Upload via 'save_options'

Jun 17, 2025 Patched in 3.5.13 (1d)

CVE-2023-49766medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ultimate Addons for Contact Form 7 <= 3.2.0 - Reflected Cross-Site Scripting

Dec 4, 2023 Patched in 3.2.1 (50d)

CVE-2023-47693medium · 5.3Missing Authorization

Ultimate Addons for Contact Form 7 <= 3.2.10 - Missing Authorization

Nov 9, 2023 Patched in 3.2.11 (75d)

CVE-2023-30493medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ultimate Addons for Contact Form 7 <= 3.1.0 - Reflected Cross-Site Scripting via 'page'

Aug 28, 2023 Patched in 3.1.2 (148d)

CVE-2023-2803medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ultimate Addons for Contact Form 7 <= 3.1.28 - Reflected Cross-Site Scripting

Jul 24, 2023 Patched in 3.1.29 (183d)

CVE-2023-2802medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ultimate Addons for Contact Form 7 <= 3.1.28 - Authenticated (Admin+) Stored Cross-Site Scripting

Jul 24, 2023 Patched in 3.1.29 (183d)

CVE-2023-1615high · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Ultimate Addons for Contact Form 7 <= 3.1.23 - Authenticated(Subscriber+) SQL Injection

Jun 8, 2023 Patched in 3.1.24 (229d)

CVE-2022-47586critical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Ultimate Addons for Contact Form 7 <= 3.1.23 - Unauthenticated SQL Injection via form_id

May 9, 2023 Patched in 3.1.24 (259d)

CVE-2023-30495high · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Ultimate Addons for Contact Form 7 <= 3.1.23 - Authenticated (Subscriber+) SQL Injection via id

Apr 24, 2023 Patched in 3.1.24 (274d)

Code Analysis

Analyzed Mar 16, 2026

Ultra Addons for Contact Form 7 Code Analysis

Dangerous Functions

Raw SQL Queries

28 prepared

Unescaped Output

352

1108 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$addr = unserialize( $addr_body );addons\spam-protection\ultimate-spam-protection.php:306

unserialize$mapdata = unserialize( $mapdata );admin\tf-options\fields\map\UACF7_map.php:18

unserialize$data = unserialize( $tf_rep_value );admin\tf-options\fields\repeater\UACF7_repeater.php:26

unserialize$data = ( ! is_array( $this->value ) ) ? unserialize( $this->value ) : $this->value;admin\tf-options\fields\tab\UACF7_tab.php:44

Bundled Libraries

Select2TCPDF

SQL Query Safety

78% prepared36 total queries

Output Escaping

76% escaped1460 total outputs

Data Flows

5 unsanitized

Data Flow Analysis

11 flows5 with unsanitized paths

uacf7_create_database_page (addons\database\database.php:410)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

10 unprotected

Ultra Addons for Contact Form 7 Attack Surface

Entry Points40

Unprotected10

AJAX Handlers 34

authwp_ajax_uacf7_ajax_database_popupaddons\database\database.php:24

authwp_ajax_uacf7dp_get_table_dataaddons\database\database.php:36

noprivwp_ajax_uacf7dp_get_table_dataaddons\database\database.php:37

authwp_ajax_uacf7dp_view_table_dataaddons\database\database.php:40

noprivwp_ajax_uacf7dp_view_table_dataaddons\database\database.php:41

authwp_ajax_uacf7dp_deleted_table_datasaddons\database\database.php:43

authwp_ajax_uacf7dp_bulk_deleted_table_datasaddons\database\database.php:44

authwp_ajax_uacf7_ajax_database_export_csvaddons\database\database.php:52

authwp_ajax_uacf7_form_generator_aiaddons\form-generator-ai\form-generator-ai.php:23

authwp_ajax_uacf7_form_generator_ai_get_tagaddons\form-generator-ai\form-generator-ai.php:26

authwp_ajax_uacf7_ajax_mailchimpaddons\mailchimp\mailchimp.php:17

authwp_ajax_check_fields_validationaddons\multistep\multistep.php:16

noprivwp_ajax_check_fields_validationaddons\multistep\multistep.php:17

authwp_ajax_uacf7_get_generated_pdfaddons\pdf-generator\pdf-generator.php:21

authwp_ajax_uacf7_ajax_pre_populate_redirectaddons\pre-populate-field\pre-populate-field.php:16

noprivwp_ajax_uacf7_ajax_pre_populate_redirectaddons\pre-populate-field\pre-populate-field.php:17

authwp_ajax_uacf7_update_submission_idaddons\submission-id\ultimate-submission-id.php:18

noprivwp_ajax_uacf7_update_submission_idaddons\submission-id\ultimate-submission-id.php:19

authwp_ajax_uacf7_options_saveadmin\tf-options\classes\UACF7_Settings.php:36

authwp_ajax_uacf7_themefic_manage_pluginadmin\tf-options\classes\UACF7_Settings.php:38

authwp_ajax_uacf7_option_importadmin\tf-options\TF_Options.php:41

authwp_ajax_tf_black_friday_notice_dismiss_callbackinc\class-promo-notice.php:63

authwp_ajax_uacf7_promo_side_notice_cf7_dismiss_callbackinc\class-promo-notice.php:84

authwp_ajax_uacf7_dashboard_widget_dismissinc\class-promo-notice.php:98

authwp_ajax_uacf7_onclick_ajax_activate_plugininc\class-setup-wizard.php:32

authwp_ajax_uacf7_form_generator_ai_quick_startinc\class-setup-wizard.php:33

authwp_ajax_uacf7_form_quick_create_forminc\class-setup-wizard.php:34

authwp_ajax_contact_form_7_ajax_install_plugininc\class-setup-wizard.php:37

authwp_ajax_uacf7_review_notice_callbackinc\functions.php:506

authwp_ajax_uacf7_install_hydra_bookinginc\functions.php:1276

authwp_ajax_uacf7_dismiss_booking_pro_noticeinc\functions.php:1328

authwp_ajax_install_hydrabookinginc\functions.php:1843

authwp_ajax_activate_hydrabookinginc\functions.php:1862

authwp_ajax_uacf7_set_modal_showninc\functions.php:1873

Shortcodes 6

[UACF7_URL] addons\dynamic-text\inc\shortcode.php:45

[UACF7_URL_WITH_PERAMETERS] addons\dynamic-text\inc\shortcode.php:57

[UACF7_BLOGINFO] addons\dynamic-text\inc\shortcode.php:72

[UACF7_POSTINFO] addons\dynamic-text\inc\shortcode.php:91

[UACF7_USERINFO] addons\dynamic-text\inc\shortcode.php:110

[UACF7_CUSTOM_FIELDS] addons\dynamic-text\inc\shortcode.php:148

WordPress Hooks 169

actionadmin_enqueue_scriptsaddons\column\column.php:16

actionwp_enqueue_scriptsaddons\column\column.php:19

actionwpcf7_initaddons\column\column.php:20

actionadmin_initaddons\column\column.php:21

filterwpcf7_contact_form_propertiesaddons\column\column.php:22

filterwpcf7_contact_form_propertiesaddons\column\column.php:23

actionadmin_enqueue_scriptsaddons\conditional-field\conditional-fields.php:19

actionwp_enqueue_scriptsaddons\conditional-field\conditional-fields.php:23

actionwpcf7_initaddons\conditional-field\conditional-fields.php:24

actionadmin_initaddons\conditional-field\conditional-fields.php:25

filterwpcf7_contact_form_propertiesaddons\conditional-field\conditional-fields.php:28

actionwpcf7_form_hidden_fieldsaddons\conditional-field\conditional-fields.php:30

filterwpcf7_posted_dataaddons\conditional-field\conditional-fields.php:32

filterwpcf7_validateaddons\conditional-field\conditional-fields.php:33

actionwpcf7_validate_checkbox*addons\conditional-field\conditional-fields.php:35

filterwpcf7_validate_file*addons\conditional-field\conditional-fields.php:37

filterwpcf7_validate_multifile*addons\conditional-field\conditional-fields.php:38

actionwpcf7_config_validator_validateaddons\conditional-field\conditional-fields.php:40

actionwpcf7_before_send_mailaddons\conditional-field\conditional-fields.php:42

filteruacf7_post_meta_optionsaddons\conditional-field\conditional-fields.php:44

filteruacf7_pdf_generator_replace_condition_dataaddons\conditional-field\conditional-fields.php:45

actionwpcf7_initaddons\country-dropdown\country-dropdown.php:15

actionadmin_initaddons\country-dropdown\country-dropdown.php:17

filterwpcf7_validate_uacf7_country_dropdownaddons\country-dropdown\country-dropdown.php:19

filterwpcf7_validate_uacf7_country_dropdown*addons\country-dropdown\country-dropdown.php:21

actionwp_enqueue_scriptsaddons\country-dropdown\country-dropdown.php:23

actionadmin_enqueue_scriptsaddons\database\database.php:21

actionwpcf7_before_send_mailaddons\database\database.php:22

actionadmin_menuaddons\database\database.php:23

actionadmin_initaddons\database\database.php:26

actionadmin_initaddons\database\database.php:32

actionadmin_enqueue_scriptsaddons\database\database.php:34

filteruacf7dp_send_form_data_before_insertaddons\database\database.php:49

filteruacf7dp_column_default_fieldsaddons\database\inc\functions.php:22

actionadmin_enqueue_scriptsaddons\dynamic-text\dynamic-text.php:13

actionwpcf7_initaddons\dynamic-text\dynamic-text.php:15

actionadmin_initaddons\dynamic-text\dynamic-text.php:17

filterwpcf7_validate_uacf7_dynamic_textaddons\dynamic-text\dynamic-text.php:19

filterwpcf7_validate_uacf7_dynamic_text*addons\dynamic-text\dynamic-text.php:21

actionadmin_enqueue_scriptsaddons\form-generator-ai\form-generator-ai.php:16

actionwpcf7_admin_footeraddons\form-generator-ai\form-generator-ai.php:20

filterwpcf7_contact_form_propertiesaddons\form-generator-ai\form-generator-ai.php:29

actionwpcf7_before_send_mailaddons\mailchimp\mailchimp.php:13

filteruacf7_post_meta_optionsaddons\mailchimp\mailchimp.php:14

filteruacf7_settings_optionsaddons\mailchimp\mailchimp.php:15

actionadmin_enqueue_scriptsaddons\mailchimp\mailchimp.php:16

actionwp_enqueue_scriptsaddons\multistep\multistep.php:14

actionadmin_initaddons\multistep\multistep.php:15

filterwpcf7_contact_formaddons\multistep\multistep.php:21

filteruacf7_post_meta_optionsaddons\multistep\multistep.php:22

filteruacf7_post_meta_options_multistep_proaddons\multistep\multistep.php:23

filteruacf7_multistep_steps_namesaddons\multistep\multistep.php:24

filteruacf7_multistep_step_titleaddons\multistep\multistep.php:25

actionadmin_enqueue_scriptsaddons\pdf-generator\pdf-generator.php:18

filterwpcf7_mail_componentsaddons\pdf-generator\pdf-generator.php:19

actionwpcf7_mail_sentaddons\pdf-generator\pdf-generator.php:23

filteruacf7_post_meta_optionsaddons\pdf-generator\pdf-generator.php:25

filteruacf7_post_meta_import_exportaddons\pdf-generator\pdf-generator.php:26

filterwpcf7_ajax_json_echoaddons\pdf-generator\pdf-generator.php:38

actionadmin_enqueue_scriptsaddons\placeholder\placeholder.php:12

filterwpcf7_contact_form_propertiesaddons\placeholder\placeholder.php:13

filteruacf7_post_meta_optionsaddons\placeholder\placeholder.php:14

actionwp_enqueue_scriptsaddons\pre-populate-field\pre-populate-field.php:15

filteruacf7_post_meta_optionsaddons\pre-populate-field\pre-populate-field.php:18

actionwpcf7_initaddons\product-dropdown\product-dropdown.php:13

actionadmin_initaddons\product-dropdown\product-dropdown.php:14

filterwpcf7_validate_uacf7_product_dropdownaddons\product-dropdown\product-dropdown.php:15

filterwpcf7_validate_uacf7_product_dropdown*addons\product-dropdown\product-dropdown.php:16

actionadmin_enqueue_scriptsaddons\product-dropdown\product-dropdown.php:17

actionwpcf7_initaddons\range-slider\range-slider.php:22

actionadmin_initaddons\range-slider\range-slider.php:23

actionwpcf7_contact_form_propertiesaddons\range-slider\range-slider.php:24

actionwp_enqueue_scriptsaddons\range-slider\range-slider.php:25

filteruacf7_post_meta_optionsaddons\range-slider\range-slider.php:26

actionwp_enqueue_scriptsaddons\redirection\redirect.php:22

actionwpcf7_submitaddons\redirection\redirect.php:24

filteruacf7_post_meta_optionsaddons\redirection\redirect.php:25

actionwpcf7_editor_panelsaddons\signature\inc\signature.php:18

actionwpcf7_after_saveaddons\signature\inc\signature.php:19

actionwp_enqueue_scriptsaddons\signature\ultimate-signature.php:13

actionadmin_initaddons\signature\ultimate-signature.php:15

actionwpcf7_initaddons\signature\ultimate-signature.php:16

filterwpcf7_validate_uacf7_signatureaddons\signature\ultimate-signature.php:18

filterwpcf7_validate_uacf7_signature*addons\signature\ultimate-signature.php:19

filteruacf7_post_meta_optionsaddons\signature\ultimate-signature.php:21

actionwpcf7_initaddons\spam-protection\ultimate-spam-protection.php:10

actionadmin_initaddons\spam-protection\ultimate-spam-protection.php:11

filteruacf7_post_meta_optionsaddons\spam-protection\ultimate-spam-protection.php:12

actionwp_enqueue_scriptsaddons\spam-protection\ultimate-spam-protection.php:13

actionwp_enqueue_scriptsaddons\star-rating\star-rating.php:11

actionwpcf7_initaddons\star-rating\star-rating.php:12

actionwpcf7_swv_create_schemaaddons\star-rating\star-rating.php:13

actionadmin_initaddons\star-rating\star-rating.php:14

filterwpcf7_contact_form_propertiesaddons\styler\uacf7style.php:12

filteruacf7_post_meta_optionsaddons\styler\uacf7style.php:13

actionadmin_initaddons\submission-id\inc\submission-id.php:12

filtertf_metabox_before_save_optionaddons\submission-id\inc\submission-id.php:13

actionwp_enqueue_scriptsaddons\submission-id\ultimate-submission-id.php:14

actionadmin_initaddons\submission-id\ultimate-submission-id.php:16

actionwpcf7_initaddons\submission-id\ultimate-submission-id.php:17

filterwpcf7_mail_componentsaddons\submission-id\ultimate-submission-id.php:22

actionuacf7_submission_id_insertaddons\submission-id\ultimate-submission-id.php:25

filteruacf7_post_meta_optionsaddons\submission-id\ultimate-submission-id.php:27

actionwpcf7_before_send_mailaddons\submission-id\ultimate-submission-id.php:29

actionwpcf7_before_send_mailaddons\telegram\ultimate-telegram.php:15

actionadmin_enqueue_scriptsaddons\telegram\ultimate-telegram.php:16

filteruacf7_post_meta_optionsaddons\telegram\ultimate-telegram.php:17

actionadmin_enqueue_scriptsaddons\web-hook\web-hook.php:12

filteruacf7_post_meta_optionsaddons\web-hook\web-hook.php:14

actionwpcf7_before_send_mailaddons\web-hook\web-hook.php:16

actionadmin_menuadmin\admin-menu.php:9

actionadd_meta_boxesadmin\tf-options\classes\UACF7_Metabox.php:21

actionwpcf7_admin_footeradmin\tf-options\classes\UACF7_Metabox.php:25

actionsave_postadmin\tf-options\classes\UACF7_Metabox.php:28

actionadmin_menuadmin\tf-options\classes\UACF7_Settings.php:30

actionadmin_initadmin\tf-options\classes\UACF7_Settings.php:33

actionadmin_footeradmin\tf-options\fields\icon\UACF7_icon.php:14

actionadmin_enqueue_scriptsadmin\tf-options\TF_Options.php:36

actionadmin_enqueue_scriptsadmin\tf-options\TF_Options.php:37

actionswitch_themeinc\app\src\Insights.php:135

actionswitch_themeinc\app\src\Insights.php:136

actionadmin_footerinc\app\src\Insights.php:146

actionadmin_noticesinc\app\src\Insights.php:161

actionadmin_initinc\app\src\Insights.php:164

filtercron_schedulesinc\app\src\Insights.php:168

actionadmin_menuinc\app\src\License.php:219

actionafter_switch_themeinc\app\src\License.php:781

actionswitch_themeinc\app\src\License.php:782

filterpre_set_site_transient_update_pluginsinc\app\src\Updater.php:51

filterplugins_apiinc\app\src\Updater.php:52

filterpre_set_site_transient_update_themesinc\app\src\Updater.php:61

filteruacf7_dashboard_helper_bannerinc\class-helper-banner.php:12

actionadmin_footerinc\class-helper-banner.php:13

filtercron_schedulesinc\class-promo-notice.php:45

actionuacf7_promo__schudleinc\class-promo-notice.php:51

actionadmin_noticesinc\class-promo-notice.php:62

actionwpcf7_admin_misc_pub_sectioninc\class-promo-notice.php:83

actioninitinc\class-promo-notice.php:97

actionwp_dashboard_setupinc\class-promo-notice.php:111

actionadmin_menuinc\class-setup-wizard.php:29

filteruacf7_settings_optionsinc\class-setup-wizard.php:30

actionadmin_initinc\class-setup-wizard.php:31

actionin_admin_headerinc\class-setup-wizard.php:35

filteruacf7_post_meta_optionsinc\functions.php:34

filteruacf7_settingsinc\functions.php:104

actionuacf7_multistep_pro_featuresinc\functions.php:180

actionuacf7_multistep_before_forminc\functions.php:281

filterwpcf7_contact_form_propertiesinc\functions.php:351

actionadmin_initinc\functions.php:392

actionadmin_noticesinc\functions.php:483

actionadmin_initinc\functions.php:1231

actionadmin_noticesinc\functions.php:1474

actionadmin_noticesinc\functions.php:1480

actionadmin_initinc\functions.php:1481

actionadmin_noticesinc\functions.php:1482

actionadmin_initinc\functions.php:1483

actionwpcf7_before_send_mailinc\functions.php:1661

actionadmin_footerinc\functions.php:1694

actionadmin_noticesinc\functions.php:1877

actionadmin_initinc\functions.php:1878

actionadmin_noticesinc\functions.php:1879

actionadmin_initinc\functions.php:1880

actionwpcf7_after_createinc\functions.php:2047

actioninitultimate-addons-for-contact-form-7.php:40

filterwpcf7_autop_or_notultimate-addons-for-contact-form-7.php:43

actionadmin_enqueue_scriptsultimate-addons-for-contact-form-7.php:49

actionadmin_enqueue_scriptsultimate-addons-for-contact-form-7.php:63

actionwp_enqueue_scriptsultimate-addons-for-contact-form-7.php:64

actionadmin_noticesultimate-addons-for-contact-form-7.php:76

Scheduled Events 1

uacf7_promo__schudle

Maintenance & Trust

Ultra Addons for Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 11, 2026

PHP min version7.4

Downloads2.0M

Community Trust

Rating96/100

Number of ratings101

Active installs60K

Alternatives

Ultra Addons for Contact Form 7 Alternatives

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

wpforms-lite

The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.

6.0M 13 CVEs

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

fluentform

Get a fast contact form plugin. Create advanced forms using drag and drop form builder with all smart features.

600K 27 CVEs

SureForms – Contact Form, Payment Form & Other Custom Form Builder

sureforms

The most beginner-friendly, AI Form Builder for WordPress to create contact forms, payment forms & other custom forms with advanced features, with …

400K 15 CVEs

Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder

everest-forms

The best WordPress form builder. Create contact forms, payment forms, conversational forms, custom forms, surveys, & quizzes using drag and drop.

100K 12 CVEs

Online Forms — Customizable Payment, Contact, Quiz, Survey Form Builder – Jotform

embed-form

Create and embed secure online forms in WordPress using Jotform’s drag-and-drop builder, with PCI and HIPAA compliance and full data-security support.

20K 1 CVE

Developer Profile

Ultra Addons for Contact Form 7 Developer Profile

Themefic

11 plugins · 97K total installs

trust score

Avg Security Score

95/100

Avg Patch Time

93 days

View full developer profile

Detection Fingerprints

How We Detect Ultra Addons for Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ultimate-addons-for-contact-form-7/assets/css/admin-style.css/wp-content/plugins/ultimate-addons-for-contact-form-7/assets/js/admin-script.js/wp-content/plugins/ultimate-addons-for-contact-form-7/assets/app/libs/notyf/notyf.min.css/wp-content/plugins/ultimate-addons-for-contact-form-7/assets/app/libs/notyf/notyf.min.js/wp-content/plugins/ultimate-addons-for-contact-form-7/assets/css/uacf7-frontend.css/wp-content/plugins/ultimate-addons-for-contact-form-7/assets/css/form-style.css

Script Paths

/wp-content/plugins/ultimate-addons-for-contact-form-7/assets/js/admin-script.js/wp-content/plugins/ultimate-addons-for-contact-form-7/assets/app/libs/notyf/notyf.min.js

Version Parameters

ultimate-addons-for-contact-form-7/assets/app/libs/notyf/notyf.min.css?ver=ultimate-addons-for-contact-form-7/assets/app/libs/notyf/notyf.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

uacf7-admin-styleuacf7-frontend-styleuacf7-form-style

Data Attributes

data-noncedata-uacf7_admin_noncedata-themefic_noncedata-uacf7_admin_params

JS Globals

uacf7_optionsuacf7_admin_datauacf7_admin_params

FAQ

Ultra Addons for Contact Form 7 Security & Risk Analysis

Is Ultra Addons for Contact Form 7 Safe to Use in 2026?

Mostly Safe

Key Concerns

Ultra Addons for Contact Form 7 Security Vulnerabilities

CVEs by Year

Severity Breakdown

Ultra Addons for Contact Form 7 Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Ultra Addons for Contact Form 7 Attack Surface

AJAX Handlers 34

Shortcodes 6

Scheduled Events 1

Ultra Addons for Contact Form 7 Maintenance & Trust

Maintenance Signals

Community Trust

Ultra Addons for Contact Form 7 Alternatives

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

SureForms – Contact Form, Payment Form & Other Custom Form Builder

Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder

Online Forms — Customizable Payment, Contact, Quiz, Survey Form Builder – Jotform

Ultra Addons for Contact Form 7 Developer Profile

How We Detect Ultra Addons for Contact Form 7

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Ultra Addons for Contact Form 7