WP Contact Form 7 DB Handler Security & Risk Analysis

wordpress.org/plugins/wp-contact-form-7-db-handler

Store all your Contact Form 7 submissions and easily access them. You can also filter and export them!

100 active installs · v3.0 · PHP + · WP 5.0+ · Updated Oct 25, 2025
Tags: cf7dbh, contact-form-7-database, contact-form-7-db, contact-form-7-db-handler, contact-form-7-dbh
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Contact Form 7 DB Handler Safe to Use in 2026?

Generally Safe

Score 100/100

WP Contact Form 7 DB Handler has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5mo ago
Risk Assessment

The "wp-contact-form-7-db-handler" v3.0 plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates strong practices regarding output escaping, with 99% of outputs properly escaped, and a significant portion of its SQL queries use prepared statements. The absence of any known CVEs and a clean vulnerability history are also positive indicators.

However, the static analysis raises significant concerns. The plugin calls the `unserialize` function, a known source of vulnerabilities if not handled with extreme care, which is a red flag. More critically, the plugin exposes a single AJAX handler without any authentication checks, representing a direct and unprotected entry point for attackers. The taint analysis also indicates flows with unsanitized paths; although these are not categorized as critical or high severity, they still warrant attention as potential weaknesses. The lack of capability checks on any entry points means that any user, regardless of their role, could potentially interact with these unprotected handlers.

Key Concerns

  • AJAX handler without authentication checks
  • Use of unserialize function
  • Taint flows with unsanitized paths
  • No capability checks on entry points
Vulnerabilities
None known

WP Contact Form 7 DB Handler Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Contact Form 7 DB Handler Code Analysis

Dangerous Functions: 7
Raw SQL Queries: 9 (12 prepared)
Unescaped Output: 2 (157 escaped)
Nonce Checks: 6
Capability Checks: 0
File Operations: 2
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$heading_row = unserialize($heading_row->post_content);` · include\download-file-class.php:99
unserialize · `$resultTmp = unserialize($result->post_content);` · include\download-file-class.php:137
unserialize · `<?php $form_data = unserialize($results[0]->post_content); ?>` · include\form-details-page-class.php:56
unserialize · `$columns = (isset($columns) ? unserialize($columns) : '');` · include\form-inner-page-class.php:54
unserialize · `$data = unserialize($row->post_content);` · include\form-inner-page-class.php:262
unserialize · `$form_value = unserialize($result->post_content);` · include\form-inner-page-class.php:511
unserialize · `$result_values = unserialize($result_value);` · include\form-inner-page-class.php:607

SQL Query Safety

57% prepared · 21 total queries

Output Escaping

99% escaped · 159 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

7 flows · 3 with unsanitized paths
list_table_page (include\form-inner-page-class.php:18)
Diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
1 unprotected

WP Contact Form 7 DB Handler Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_ys_cfdbh_update_view_list · wp-contact-form-7-db-handler.php:267

WordPress Hooks: 5

action · init · wp-contact-form-7-db-handler.php:22
action · init · wp-contact-form-7-db-handler.php:65
filter · ys_cfdbh_before_save_data · wp-contact-form-7-db-handler.php:83
action · wpcf7_before_send_mail · wp-contact-form-7-db-handler.php:93
action · admin_menu · wp-contact-form-7-db-handler.php:208
Maintenance & Trust

WP Contact Form 7 DB Handler Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 25, 2025
PHP min version
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 100
Developer Profile

WP Contact Form 7 DB Handler Developer Profile

Yudiz Solutions Pvt. Ltd.

14 plugins · 6K total installs

Trust score: 85
Avg Security Score: 96/100
Avg Patch Time: 59 days
Detection Fingerprints

How We Detect WP Contact Form 7 DB Handler

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-contact-form-7-db-handler/assets/css/bootstrap.min.css
/wp-content/plugins/wp-contact-form-7-db-handler/assets/js/jquery.dataTables.min.js
/wp-content/plugins/wp-contact-form-7-db-handler/assets/js/dataTables.bootstrap.min.js
/wp-content/plugins/wp-contact-form-7-db-handler/assets/js/custom.js
/wp-content/plugins/wp-contact-form-7-db-handler/assets/css/dataTables.bootstrap.min.css
Version Parameters
wp-contact-form-7-db-handler/assets/css/bootstrap.min.css?ver=
wp-contact-form-7-db-handler/assets/js/jquery.dataTables.min.js?ver=
wp-contact-form-7-db-handler/assets/js/dataTables.bootstrap.min.js?ver=
wp-contact-form-7-db-handler/assets/js/custom.js?ver=
wp-contact-form-7-db-handler/assets/css/dataTables.bootstrap.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
ys_cfdbh_datatable
HTML Comments
/*! * Contact Form 7 - CFDB Data Handler * @package CFDB * @author Yudiz Solutions Ltd. */
/*! * Contact Form 7 - CFDB Data Handler * @package CFDB * @author Yudiz Solutions Ltd. */
/*/----- register custom posttype for ys_cfdbh ------/*/
/*/ cf7dbh download file function /*/
(+11 more)
Data Attributes
ys_cfdbh_nonce