Title: SQL Injection safety?
Last modified: March 5, 2024

---

# SQL Injection safety?

 *  [Gerdski](https://wordpress.org/support/users/gerdski/)
 * (@gerdski)
 * [2 years, 3 months ago](https://wordpress.org/support/topic/sql-injection-safety/)
 * Hello,
 * I wonder if CF7 is fully safe against SQL injections.
 * I’ve seen this: [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/cf7-field-validation/contact-form-7-custom-validation-113-unauthenticated-sql-injection-via-post](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/cf7-field-validation/contact-form-7-custom-validation-113-unauthenticated-sql-injection-via-post)
 * which tells me that up to V. 1.1.3 there was a possibility for a SQL injection
   exploit, but it’s obviously fixed…

Viewing 4 replies - 1 through 4 (of 4 total)

 *  Plugin Author [Takayuki Miyoshi](https://wordpress.org/support/users/takayukister/)
 * (@takayukister)
 * [2 years, 3 months ago](https://wordpress.org/support/topic/sql-injection-safety/#post-17477436)
 * That vulnerability report is about [cf7-field-validation](https://wordpress.org/plugins/cf7-field-validation/),
   not about the Contact Form 7 plugin.
 * As you see in the report and the plugin page, the critical vulnerability is not
   patched, and the WordPress plugin directory has closed the plugin for security
   reasons. This means it is outrageously dangerous. Never use it.
 *  Thread Starter [Gerdski](https://wordpress.org/support/users/gerdski/)
 * (@gerdski)
 * [2 years, 3 months ago](https://wordpress.org/support/topic/sql-injection-safety/#post-17477634)
 * I don’t understand your answer. Just forget about this report, it was a result
   of my faulty Google search.
   But I still wonder if the main CF7 plugin is fully safe against SQL injections?
 *  [wpmad](https://wordpress.org/support/users/wpmad/)
 * (@wpmad)
 * [2 years, 3 months ago](https://wordpress.org/support/topic/sql-injection-safety/#post-17485006)
 * [@gerdski](https://wordpress.org/support/users/gerdski/) – The vulnerability 
   report you posted is for a different plugin. There are no currently known or 
   outstanding vulnerabilities for the Contact Form 7 plugin. It is safe to use.
 *  Thread Starter [Gerdski](https://wordpress.org/support/users/gerdski/)
 * (@gerdski)
 * [2 years, 3 months ago](https://wordpress.org/support/topic/sql-injection-safety/#post-17486379)
 * This is what I wanted to know 🙂 I was never interested in the other plugin in
   the first place, it was just a false Google result.
 * Thanks 🙂

The topic ‘SQL Injection safety?’ is closed to new replies.

 * 6 replies
 * 3 participants
 * Last reply from: [Gerdski](https://wordpress.org/support/users/gerdski/)
 * Last activity: [2 years, 3 months ago](https://wordpress.org/support/topic/sql-injection-safety/#post-17486379)
 * Status: not a support question