Yonox CF7 DB Security & Risk Analysis

wordpress.org/plugins/yonox-contact-form-7-db

Yonox CF7 DB saves form submissions from the Contact Form 7 plugin to the database.

0 active installs · v1.0.0 · PHP 5.6+ · WP 4.7+ · Updated Oct 4, 2019
Tags: cf7, cfdb, contact-form, contact-form-7, database
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Yonox CF7 DB Safe to Use in 2026?

Generally Safe

Score 85/100

Yonox CF7 DB has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

This plugin exhibits a concerning security posture primarily due to its unprotected attack surface. With 5 AJAX handlers, all lacking authentication checks, there's a significant risk of unauthorized access and potential manipulation of plugin functionality. The presence of the 'unserialize' function is another red flag, as it can lead to object injection vulnerabilities if not handled with extreme care and sanitization. While the majority of SQL queries use prepared statements and most output is properly escaped, the identified taint flows with unsanitized paths suggest potential pathways for attackers to inject malicious data. The complete absence of known vulnerabilities is positive but should not overshadow the inherent risks identified in the static analysis. The plugin uses a bundled library, DataTables, which, if outdated, could introduce further risks, though the provided data doesn't specify its version or patch status. The lack of capability checks on the AJAX handlers exacerbates the risk posed by the unprotected entry points.

Key Concerns

  • Unprotected AJAX handlers
  • Unsanitized taint flows found
  • Dangerous function 'unserialize' used
  • No capability checks on AJAX
  • Bundled library (DataTables)
Vulnerabilities
None known

Yonox CF7 DB Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Yonox CF7 DB Code Analysis

  • Dangerous Functions: 2
  • Raw SQL Queries: 2 (32 prepared)
  • Unescaped Output: 15 (36 escaped)
  • Nonce Checks: 7
  • Capability Checks: 0
  • File Operations: 37
  • External Requests: 0
  • Bundled Libraries: 1

Dangerous Functions Found

  • unserialize · classes\class-ycf7db-export-records.php:127
      foreach ( unserialize($submitData->form_values) as $formFieldValue ) {
  • unserialize · classes\class-ycf7db-functions.php:262
      $queryResults = unserialize($ycf7dbData[0]->form_values);

Bundled Libraries

DataTables

SQL Query Safety

94% prepared · 34 total queries

Output Escaping

71% escaped · 51 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

5 flows · 2 with unsanitized paths
ycf7db_list_forms (classes\class-ycf7db-admin.php:148)
[Data flow diagram. Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
5 unprotected

Yonox CF7 DB Attack Surface

Entry Points: 5
Unprotected: 5

AJAX Handlers 5

  • auth · wp_ajax_ycf7db_list_forms · classes\class-ycf7db.php:169
  • auth · wp_ajax_ycf7db_formsubmits · classes\class-ycf7db.php:170
  • auth · wp_ajax_ycf7db_viewsubmit · classes\class-ycf7db.php:171
  • auth · wp_ajax_ycf7db_export_records · classes\class-ycf7db.php:172
  • auth · wp_ajax_ycf7db_delete_records · classes\class-ycf7db.php:173
WordPress Hooks 8
  • action · plugins_loaded · classes\class-ycf7db.php:138
  • action · admin_menu · classes\class-ycf7db.php:153
  • action · admin_enqueue_scripts · classes\class-ycf7db.php:159
  • action · admin_enqueue_scripts · classes\class-ycf7db.php:164
  • action · admin_enqueue_scripts · classes\class-ycf7db.php:165
  • action · wp_enqueue_scripts · classes\class-ycf7db.php:187
  • action · wp_enqueue_scripts · classes\class-ycf7db.php:188
  • action · wpcf7_before_send_mail · classes\class-ycf7db.php:189
Maintenance & Trust

Yonox CF7 DB Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.2.24
Last updated: Oct 4, 2019
PHP min version: 5.6
Downloads: 1K

Community Trust

Rating: 20/100
Number of ratings: 1
Active installs: 0
Developer Profile

Yonox CF7 DB Developer Profile

yonox

2 plugins · 50 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Yonox CF7 DB

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/yonox-contact-form-7-db/assets/css/font-icons/admin-menu-icon/ycf7db.css
  • /wp-content/plugins/yonox-contact-form-7-db/assets/css/font-icons/flaticon.css
  • /wp-content/plugins/yonox-contact-form-7-db/assets/css/font-icons/flaticon2.css
  • /wp-content/plugins/yonox-contact-form-7-db/assets/css/font-icons/ftypeicon.css
  • /wp-content/plugins/yonox-contact-form-7-db/assets/DataTables/datatables.min.css
  • /wp-content/plugins/yonox-contact-form-7-db/assets/css/yonox-cf7-db-admin.css
  • /wp-content/plugins/yonox-contact-form-7-db/assets/DataTables/datatables.min.js
  • /wp-content/plugins/yonox-contact-form-7-db/assets/js/yonox-cf7-db-admin.js
Script Paths
https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js
Version Parameters
  • yonox-cf7-db/assets/css/font-icons/admin-menu-icon/ycf7db.css?ver=
  • yonox-cf7-db/assets/DataTables/datatables.min.css?ver=
  • yonox-cf7-db/assets/css/yonox-cf7-db-admin.css?ver=
  • yonox-cf7-db/assets/DataTables/datatables.min.js?ver=
  • yonox-cf7-db/assets/js/yonox-cf7-db-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
flaticon2-send, icono-lg, va-2, mr-1, flaticon2-list-3, azul, mr-2, cursor-pointer, +2 more
HTML Comments
<!-- View Form Submissions -->
Data Attributes
data-placement="tooltip", data-toggle="tooltip", data-trigger="hover", data-original-title="View Form Submissions"
JS Globals
ycf7dbScripts
FAQ

Frequently Asked Questions about Yonox CF7 DB