WPGContacts Security & Risk Analysis

wordpress.org/plugins/wpgcontacts

Send your Contact Form 7 data directly to your Google Contacts spreadsheet.

0 active installs v1.0.0 PHP 5.5+ WP 4.9+ Updated Apr 15, 2023
Tags: contact-form-7, google-contacts, gravity-forms, ninja-forms, wpforms
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WPGContacts Safe to Use in 2026?

Generally Safe

Score 85/100

WPGContacts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

This plugin exhibits a generally good security posture, with several positive indicators. The absence of known CVEs and the presence of nonce checks on all AJAX handlers are strong points. The code analysis shows a reasonable approach to output escaping, with a majority of outputs being properly escaped. The taint analysis also reveals no critical or high-severity vulnerabilities related to unsanitized data flows.

However, some areas warrant attention. The most significant is that none of the plugin's SQL queries use prepared statements. This creates a risk of SQL injection, since any user-controllable input that makes its way into these queries could be used to exploit them. Additionally, only one capability check was detected, which may indicate insufficient authorization controls for certain operations. The file operations and external HTTP requests are not inherently risky, but they should be carefully reviewed to confirm they are properly secured.

Overall, the plugin's vulnerability history is clean, suggesting a relatively secure development process. However, the lack of prepared statements for SQL queries is a critical oversight that significantly elevates the risk profile. While the attack surface is protected by nonce checks, the raw SQL usage poses a substantial threat that needs immediate remediation.

Key Concerns

  • Raw SQL queries without prepared statements
  • Only one capability check detected
  • File operations present
  • External HTTP requests present
Vulnerabilities
None known

WPGContacts Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WPGContacts Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (0 prepared)
Unescaped Output: 22 (45 escaped)
Nonce Checks: 10
Capability Checks: 1
File Operations: 6
External Requests: 1
Bundled Libraries: 1

Bundled Libraries

Guzzle

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

67% escaped · 67 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
verify_wpgooglecontact_integation (includes\class-wpgooglecontact-service.php:143)
Attack Surface

WPGContacts Attack Surface

Entry Points: 10
Unprotected: 0

AJAX Handlers: 10

auth wp_ajax_verify_wpgooglecontact_integation (includes\class-wpgooglecontact-service.php:23)
auth wp_ajax_deactivate_wpgooglecontact_integation (includes\class-wpgooglecontact-service.php:24)
auth wp_ajax_wpgooglecontact_clear_log (includes\class-wpgooglecontact-service.php:25)
auth wp_ajax_set_upgrade_notification_interval (includes\class-wpgooglecontact-service.php:27)
auth wp_ajax_close_upgrade_notification_interval (includes\class-wpgooglecontact-service.php:28)
auth wp_ajax_fgc_save_client_id_sec_id_gapi (includes\class-wpgooglecontact-service.php:29)
auth wp_ajax_fgc_deactivate_auth_token_gapi (includes\class-wpgooglecontact-service.php:30)
auth wp_ajax_save_method_api_wptogocont (includes\class-wpgooglecontact-service.php:31)
auth wp_ajax_get_cf7_form_fields_list (includes\class-wpgooglecontact-service.php:32)
auth wp_ajax_save_googleform_fields (includes\class-wpgooglecontact-service.php:33)

WordPress Hooks: 8

action admin_init (includes\class-wpgooglecontact-role-settings.php:38)
action admin_notices (includes\class-wpgooglecontact-service.php:26)
action wpcf7_before_send_mail (includes\class-wpgooglecontact-service.php:34)
action admin_init (WPGContacts.php:54)
action admin_menu (WPGContacts.php:56)
action init (WPGContacts.php:59)
action admin_print_styles (WPGContacts.php:209)
action admin_print_scripts (WPGContacts.php:210)
Maintenance & Trust

WPGContacts Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.2.9
Last updated: Apr 15, 2023
PHP min version: 5.5
Downloads: 622

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

WPGContacts Developer Profile

WesternDeal

11 plugins · 63K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 126 days
Detection Fingerprints

How We Detect WPGContacts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpgcontacts/assets/css/wpgooglecontact-style.css
/wp-content/plugins/wpgcontacts/assets/js/wpgooglecontact-connector.js
Script Paths
/wp-content/plugins/wpgcontacts/assets/js/wpgooglecontact-connector.js
Version Parameters
wpgooglecontact-style.css?ver=
wpgooglecontact-connector.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpgooglecontact-connector-js