WP-Safety

Valid Email Verification for Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/valid-email-verification-cf7

Adds duplicate email blocking and verification to Contact Form 7 to improve form security and reduce spam.

10 active installs v1.0.1 PHP 7.2+ WP 6.0+ Updated Oct 16, 2025
contact-form-7duplicate-emailemail-verificationform-securityprevent-fake-emails
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Valid Email Verification for Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 100/100

Valid Email Verification for Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago
Risk Assessment

The valid-email-verification-cf7 plugin, version 1.0.1, exhibits a generally strong security posture based on the provided static analysis. The absence of identifiable attack surface points such as AJAX handlers, REST API routes, shortcodes, and cron events, particularly those without authentication, is a significant strength. Furthermore, the code signals indicate responsible development with no dangerous functions, a good percentage of SQL queries utilizing prepared statements, and high rates of output escaping. The plugin also shows no file operations, external HTTP requests, or known vulnerability history, all positive indicators. However, the complete absence of nonce and capability checks across all entry points is a notable concern, as this is a fundamental security mechanism for WordPress plugins to prevent certain types of attacks. While the current taint analysis reveals no unsanitized flows, this is often due to a limited attack surface and should be re-evaluated as the plugin evolves.

Key Concerns

  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Valid Email Verification for Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Valid Email Verification for Contact Form 7 Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
2 prepared
Unescaped Output
1
5 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

67% prepared3 total queries

Output Escaping

83% escaped6 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flows
<class-cf7-email-verification> (includes\class-cf7-email-verification.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Valid Email Verification for Contact Form 7 Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 6
filterwpcf7_validate_email*includes\class-cf7-email-verification.php:15
filterwpcf7_validate_emailincludes\class-cf7-email-verification.php:16
actionwpcf7_mail_sentincludes\class-cf7-email-verification.php:19
actionadmin_menuincludes\class-cf7-email-verification.php:22
actionadmin_initincludes\class-cf7-email-verification.php:23
actionplugins_loadedvalid-email-verification-cf7.php:23
Maintenance & Trust

Valid Email Verification for Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedOct 16, 2025
PHP min version7.2
Downloads413

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Valid Email Verification for Contact Form 7 Alternatives

Authyo OTP for Contact Form 7

Authyo OTP for Contact Form 7

authyo-otp-for-contact-form-7

A
100

Adds OTP verification (Email, SMS, WhatsApp, Voice Call) and Google Sheets Integration (with Multi-Sheet support) to Contact Form 7.

10 No CVEs
Spam Protect for Contact Form 7

Spam Protect for Contact Form 7

wp-contact-form-7-spam-blocker

A
100

Spam Protect for Contact-Form7 protects from spam and bots. Customize defense strategies and monitor blocked attempts. Protect your time effectively!

10K No CVEs
Contact Form 7 Spam Killer

Contact Form 7 Spam Killer

cf7-advance-security

A
100

"Contact Form 7 Spam Killer" is a advance spam blocker that will help to prevent unwanted spam for your Contact Form 7 plugin.

4K No CVEs
Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification

Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification

double-opt-in

A
100

Protect your forms with GDPR-compliant Double Opt-In. Ensure valid emails, prevent fake signups, and stay compliant with Contact Form 7 and Avada.

1K No CVEs
OTP by Email for Contact Form 7

OTP by Email for Contact Form 7

otp-by-email

A
85

A small Contact Form 7 extension plugin to enable email confirmation by unique links sent to the email inbox.

80 No CVEs
Developer Profile

Valid Email Verification for Contact Form 7 Developer Profile

Sabirul Islam

1 plugin · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Valid Email Verification for Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/valid-email-verification-cf7/assets/css/backend.css/wp-content/plugins/valid-email-verification-cf7/assets/css/frontend.css/wp-content/plugins/valid-email-verification-cf7/assets/js/backend.js/wp-content/plugins/valid-email-verification-cf7/assets/js/frontend.js
Script Paths
/wp-content/plugins/valid-email-verification-cf7/assets/js/backend.js/wp-content/plugins/valid-email-verification-cf7/assets/js/frontend.js
Version Parameters
valid-email-verification-cf7/assets/css/backend.css?ver=valid-email-verification-cf7/assets/css/frontend.css?ver=valid-email-verification-cf7/assets/js/backend.js?ver=valid-email-verification-cf7/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Valid Email Verification for Contact Form 7