Warning against the use of vulnerable add-on plugins

You can find so many add-on plugins for Contact Form 7 on the Internet. You might also assume that they have an affiliation with or are certified by the developers of Contact Form 7, but that’s not true. They are third-party products that have nothing to do with the Contact Form 7 project.

We don’t recommend any of them. In reality, some of them are known to have severe security vulnerabilities, so we strongly advise you to avoid using them.

A typical example recently seen is a plugin called Contact Form 7 Datepicker. As you can see in the warning message on the plugin page, this plugin has been closed because of a security issue. Its last update was 6 years ago, and, of course, it cannot work with the current WordPress. It is surprising that there seem to be people still using such obviously insecure abandoned software.

Screenshot of the Contact Form 7 Datepicker plugin page.
Screenshot of the Contact Form 7 Datepicker plugin page.

Besides the Contact Form 7 Datepicker plugin, there are many unreliable add-ons. Make sure that you pay attention to the security of plugins and themes you use. Ultimately, the responsibility to maintain your sites securely lies with you as the site owner.