Visual Builder for Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/visual-builder-for-contact-form-7

Adds a Visual Builder and a code highlighter for contact form 7 forms. ADD-on. Requires Contact Form 7 Plugin.

500 active installs v2.5 PHP 5.6+ WP 4.1+ Updated Sep 17, 2021
contactformform-buildervisual-buildervisual-form
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Visual Builder for Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 85/100

Visual Builder for Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4yr ago
Risk Assessment

The static analysis of "visual-builder-for-contact-form-7" v2.5 indicates a generally good security posture, with no critical or high-severity code signals detected. The plugin exhibits strong practices in database interaction, exclusively using prepared statements for SQL queries, and demonstrates diligent use of nonces for its AJAX handlers. Furthermore, the absence of any recorded CVEs in its vulnerability history suggests a stable and well-maintained codebase.

However, a significant concern arises from the limited output escaping, with only 25% of outputs being properly escaped. This leaves potential for cross-site scripting (XSS) vulnerabilities if user-supplied data is reflected in the output without adequate sanitization. While no taint flows indicated unsanitized paths, the general lack of thorough output escaping across the board presents a notable risk. The plugin's attack surface, while small with only three AJAX entry points, is entirely unprotected by capability checks, which could allow unauthenticated users to trigger these handlers under certain circumstances, although the absence of specific vulnerabilities in the history makes this a theoretical rather than immediate concern.

In conclusion, the plugin benefits from secure database handling and nonce protection. The primary weakness lies in its output escaping, which requires immediate attention to mitigate potential XSS risks. The lack of capability checks on its AJAX handlers is also a point of concern, though less severe given the absence of other exploitable code signals. Overall, the plugin is relatively secure but has a clear area for improvement regarding output sanitization.

Key Concerns

  • Low output escaping rate
  • AJAX handlers lack capability checks
Vulnerabilities
None known

Visual Builder for Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Visual Builder for Contact Form 7 Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 12 (4 escaped)
Nonce Checks: 3
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

25% escaped · 16 total outputs
Data Flows: All sanitized

Data Flow Analysis

5 flows
wpecf7vb_init (cf7-visual-builder.php:48)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Visual Builder for Contact Form 7 Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers 3

  • auth · wp_ajax_save_iconeyes · cf7-visual-builder.php:558
  • auth · wp_ajax_save_selection_theme · cf7-visual-builder.php:559
  • auth · wp_ajax_refresh_visual · cf7-visual-builder.php:561
WordPress Hooks 6
  • action · plugins_loaded · cf7-visual-builder.php:46
  • action · admin_enqueue_scripts · cf7-visual-builder.php:51
  • action · admin_head · cf7-visual-builder.php:79
  • action · admin_footer · cf7-visual-builder.php:80
  • filter · wpcf7_editor_panels · cf7-visual-builder.php:467
  • action · admin_notices · class.wpcf7vb-extension-activation.php:73
Maintenance & Trust

Visual Builder for Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.8.13
Last updated: Sep 17, 2021
PHP min version: 5.6
Downloads: 26K

Community Trust

Rating: 74/100
Number of ratings: 6
Active installs: 500
Developer Profile

Visual Builder for Contact Form 7 Developer Profile

etruel

11 plugins · 13K total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 116 days
Detection Fingerprints

How We Detect Visual Builder for Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/visual-builder-for-contact-form-7/css/styles.css
  • /wp-content/plugins/visual-builder-for-contact-form-7/js/jquery.vSort.min.js
  • /wp-content/plugins/visual-builder-for-contact-form-7/codemirror/css/codemirror.css
  • /wp-content/plugins/visual-builder-for-contact-form-7/codemirror/css/monokai.css
  • /wp-content/plugins/visual-builder-for-contact-form-7/codemirror/css/colbat.css
  • /wp-content/plugins/visual-builder-for-contact-form-7/codemirror/css/blackboard.css
  • /wp-content/plugins/visual-builder-for-contact-form-7/codemirror/js/codemirror.js
  • /wp-content/plugins/visual-builder-for-contact-form-7/codemirror/js/javascript.js
  • +3 more

HTML / DOM Fingerprints

CSS Classes
temp_paragraph
Data Attributes
formnovalidate
JS Globals
wpecf7vb_plugin_url, wpcf7
Shortcode Output
[submit
FAQ

Frequently Asked Questions about Visual Builder for Contact Form 7