Websync Builder for Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/websync-builder-cf7

Create Contact Form 7 forms visually with drag-and-drop, add conditional logic, and store all submissions in your database.

0 active installs v1.1.0 PHP 7.4+ WP 5.6+ Updated Nov 25, 2025
conditional-logiccontact-form-7drag-and-dropform-buildersubmissions
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Websync Builder for Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 100/100

Websync Builder for Contact Form 7 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7mo ago
Risk Assessment

The websync-builder-cf7 plugin v1.1.0 exhibits a generally good security posture based on the provided static analysis. It correctly utilizes prepared statements for all SQL queries and demonstrates a high percentage of properly escaped output, indicating developers are mindful of common web vulnerabilities. The presence of nonce and capability checks on its single AJAX entry point further strengthens its defense against unauthorized access and actions. Crucially, there is no recorded vulnerability history, suggesting a consistent track record of secure development or prompt patching.

Key Concerns

  • Dangerous function usage (set_time_limit)
  • Flows with unsanitized paths detected
  • File operations present in code
  • External HTTP requests present
Vulnerabilities
None known

Websync Builder for Contact Form 7 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Websync Builder for Contact Form 7 Release Timeline

v1.1.0Current
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
Code Analysis
Analyzed Apr 16, 2026

Websync Builder for Contact Form 7 Code Analysis

Dangerous Functions
4
Raw SQL Queries
0
2 prepared
Unescaped Output
10
170 escaped
Nonce Checks
6
Capability Checks
5
File Operations
9
External Requests
1
Bundled Libraries
1

Dangerous Functions Found

set_time_limitignore_user_abort(true); @set_time_limit(0); nocache_headers();src/Submissions/Exporter.php:75
set_time_limitignore_user_abort(true); @set_time_limit(0); nocache_headers();src/Submissions/Exporter.php:89
set_time_limitignore_user_abort(true); @set_time_limit(0); nocache_headers();src/Submissions/Exporter.php:104
set_time_limitignore_user_abort(true); @set_time_limit(0); nocache_headers();src/Submissions/Exporter.php:115

Bundled Libraries

Select2

SQL Query Safety

100% prepared2 total queries

Output Escaping

94% escaped180 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

6 flows4 with unsanitized paths
wblscf7_render_submissions_page (src/Submissions/AdminPage.php:72)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Websync Builder for Contact Form 7 Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_wbsycf7_send_deactivation_reasonsrc/Core/Plugin.php:44
WordPress Hooks 23
filterwpcf7_editor_panelssrc/Admin/BuilderTab.php:12
actionwpcf7_after_savesrc/Admin/BuilderTab.php:13
actionsave_post_wpcf7_contact_formsrc/Admin/BuilderTab.php:16
actionadmin_footersrc/Admin/BuilderTab.php:18
actionadmin_initsrc/Admin/PreviewPage.php:9
actioninitsrc/Admin/PreviewPage.php:10
filterthe_contentsrc/Admin/PreviewPage.php:12
actionadmin_enqueue_scriptssrc/Core/Plugin.php:26
actionwp_enqueue_scriptssrc/Core/Plugin.php:27
filterwpcf7_form_elementssrc/Core/Plugin.php:30
actioncurrent_screensrc/Core/Plugin.php:45
actioninitsrc/Frontend/Override.php:7
actiontemplate_redirectsrc/Frontend/Override.php:12
filterdo_shortcode_tagsrc/Frontend/Override.php:32
filterwpcf7_validatesrc/Frontend/Override.php:63
actionadmin_menusrc/Submissions/AdminPage.php:6
actionadmin_post_wblscf7_delete_submissionssrc/Submissions/AdminPage.php:8
actionadmin_post_wblscf7_delete_submissionsrc/Submissions/AdminPage.php:33
actionadmin_post_wblscf7_bulk_delete_submissionssrc/Submissions/AdminPage.php:45
actionadmin_post_wblscf7_export_submissionssrc/Submissions/Exporter.php:15
actioninitsrc/Submissions/Manager.php:7
actionwpcf7_before_send_mailsrc/Submissions/Manager.php:8
actionadmin_noticessrc/Submissions/SubmissionsList.php:134
Maintenance & Trust

Websync Builder for Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedNov 25, 2025
PHP min version7.4
Downloads546

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

Websync Builder for Contact Form 7 Developer Profile

Whistleblowing Form Team

2 plugins · 200 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Websync Builder for Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/websync-builder-cf7/dist/css/wbsy-cf7-frontend.css/wp-content/plugins/websync-builder-cf7/dist/js/wbsy-cf7-frontend.js/wp-content/plugins/websync-builder-cf7/dist/css/wbsy-cf7-admin.css/wp-content/plugins/websync-builder-cf7/dist/js/wbsy-cf7-admin.js
Version Parameters
websync-builder-cf7/dist/css/wbsy-cf7-frontend.css?ver=websync-builder-cf7/dist/js/wbsy-cf7-frontend.js?ver=websync-builder-cf7/dist/css/wbsy-cf7-admin.css?ver=websync-builder-cf7/dist/js/wbsy-cf7-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
wblscf7-settings-groupwblscf7-group-titlewblscf7-redirect-fieldwblscf7-field-option-rowwblscf7-req-switch-button-coverwblscf7-switch-button-coverwblscf7-switch-buttonwblscf7-field-option+5 more
Data Attributes
data-option="subscribers_only: true"data-option="demo_mode: on"
JS Globals
window.wbsy_cf7_admin_vars
REST Endpoints
/wp-json/custom/v1/receive-data/
FAQ

Frequently Asked Questions about Websync Builder for Contact Form 7