Title: [Plugin: Contact Form 7] SQL Injection
Last modified: August 20, 2016

---

# [Plugin: Contact Form 7] SQL Injection

 *  [elwhizard](https://wordpress.org/support/users/elwhizard/)
 * (@elwhizard)
 * [14 years, 9 months ago](https://wordpress.org/support/topic/plugin-contact-form-7-sql-injection/)
 * Hi,
 * Is this plugin vulnerable to SQL injection. Received the information below from
   the contact form. Thanks in advance for the answers.
 * Subject: 1 declare [@q](https://wordpress.org/support/users/q/) varchar(8000)
   select [@q](https://wordpress.org/support/users/q/) = 0x57414954464F522044454C4159202730303A30303A313527
   exec(@q) —
 * Subject: 1 declare [@q](https://wordpress.org/support/users/q/) varchar(8000)
   select [@q](https://wordpress.org/support/users/q/) = 0x57414954464F522044454C4159202730303A30303A313527
   exec(@q) –/n/n
 * Message Body:/n
    1
 * /n/n
 * [http://wordpress.org/extend/plugins/contact-form-7/](http://wordpress.org/extend/plugins/contact-form-7/)

Viewing 1 replies (of 1 total)

 *  Plugin Author [Takayuki Miyoshi](https://wordpress.org/support/users/takayukister/)
 * (@takayukister)
 * [14 years, 9 months ago](https://wordpress.org/support/topic/plugin-contact-form-7-sql-injection/#post-2286113)
 * Contact Form 7 is not vulnerable to SQL injection.

Viewing 1 replies (of 1 total)

The topic ‘[Plugin: Contact Form 7] SQL Injection’ is closed to new replies.

 * ![](https://ps.w.org/contact-form-7/assets/icon.svg?rev=2339255)
 * [Contact Form 7](https://wordpress.org/plugins/contact-form-7/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/contact-form-7/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/contact-form-7/)
 * [Active Topics](https://wordpress.org/support/plugin/contact-form-7/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/contact-form-7/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/contact-form-7/reviews/)

 * 1 reply
 * 2 participants
 * Last reply from: [Takayuki Miyoshi](https://wordpress.org/support/users/takayukister/)
 * Last activity: [14 years, 9 months ago](https://wordpress.org/support/topic/plugin-contact-form-7-sql-injection/#post-2286113)
 * Status: not resolved