Database Addon for Contact Form 7 – CFDB7

contact-form-cfdb7

WordPress Plugin Directory

wordpress.org

ciphercoin.com

Releases24

Frequency4 months 3 weeks

Last Release about 1 month ago

Downloads8.5M

The “CFDB7” plugin saves contact form 7 submissions to your WordPress database. Export the data to a CSV file.
By simply installing the plugin, it will automatically begin to capture form submissions from contact form 7.

Features of CFDB 7

No configuration is needed
Save Contact Form 7 form submitted data to the database.
Single database table for all contact form 7 forms
Easy to use and lightweight plugin
Developer friendly & easy to customize
Display all created contact form 7 form list.
Export CF7 DB (CF7 Database – cf7db) data in CSV file

Form Email Testing Tool

MailMug – SMTP Sandbox

Plugins

Pro Addons

Entry Automation
Automatically export CFDB7 form entries to CSV on a schedule
Advanced MYSQL DB
Separate MySQL column for each cf7 input field
Excel Spreadsheet (XLSX) Extension
Connect CFDB7 to an external database or another DB
Drag & Drop File Upload
Contact form 7 drag and drop files upload plugin.
Already Submitted?
Trigger error if a field is already submitted
Popup Message
Replace your validation and success messages with beautiful popup messages to attract visitors.
Export PDF File
Easy to export contact forms from database to PDF file
Import CSV to Database
Import data from the CSV file to the CFDB7 database

Support : http://www.ciphercoin.com/contact/
Extensions : Contact form 7 more Add-ons

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-4665 ↗	Oct 29, 2025Wednesday, 29 October 2025, 00:15	9.6 CRITICAL	—
WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization (PHP Object Injection). The weakness arises due to insufficient validation of user input in plugin endpoints, allowing crafted input to influence backend queries in unexpected ways. Using specially crafted payloads, this can escalate into unsafe deserialization, enabling arbitrary object injection in PHP. Although the issue is remotely exploitable without authentication, it does require a crafted interaction with the affected endpoint in order to trigger successfully.
CVE-2025-6740 ↗	Jul 4, 2025Friday, 4 July 2025, 12:15	6.1 MEDIUM	—
The Contact Form 7 Database Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tmpD’ parameter in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.