Title: Security & this plugin
Last modified: September 1, 2016

---

# Security & this plugin

 *  [m-Aurelius](https://wordpress.org/support/users/m-aurelius/)
 * (@m-aurelius)
 * [9 years, 7 months ago](https://wordpress.org/support/topic/security-this-plugin/)
 * Hi,
    I’m very interested in using this plugin to gain redundancy for not relying
   exclusively on form submissions being emailed. My question is related to the 
   security of the plugin itself. Can you tell me more about how the database table
   permissions relate to the rest of the WordPress DB? I’m a little concerned that
   someone could use this DB table to traverse and mess with the rest of the site.
   Have you ever seen this happen, and what security is in place to prevent something
   like this? Thanks!
 * [https://wordpress.org/plugins/contact-form-7-to-database-extension/](https://wordpress.org/plugins/contact-form-7-to-database-extension/)

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Plugin Author [Michael Simpson](https://wordpress.org/support/users/msimpson/)
 * (@msimpson)
 * [9 years, 7 months ago](https://wordpress.org/support/topic/security-this-plugin/#post-7716546)
 * The plugin does not interact with any other tables. (Technically it does save
   settings to wp_options like all plugins but it does this thru a WP API, not the
   DB directly).
 * A security compromise could conceivably allow an attacker to read or maybe delete
   from this plugin’s own table of submissions but not any other table. There just
   isn’t any code in the plugin dealing with any other table.
 *  [shadowood](https://wordpress.org/support/users/shadowood/)
 * (@shadowood)
 * [9 years, 7 months ago](https://wordpress.org/support/topic/security-this-plugin/#post-7716699)
 * Michael,
 * As I have not used your plugin directly I would potentially beg to differ with
   you. Explicitly stating that it does not deal with other tables can still present
   security concerns. Albeit most likely little.
 * Take a look at the [SQL injection cheatsheet](https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/),
   in particular this section:
 * > Union Injections
   > With union you do SQL queries cross-table. Basically you can poison query to
   > return records from another table.
   > `SELECT header, txt FROM news UNION ALL SELECT name, pass FROM members`
   > This will combine results from both news table and members table and return
   > all of them.
 * There are a lot of methods for sql based attacks out there, with new ones coming
   out all the time. Nothing is 100% secure.
 * To m-Aurelius,
 * No one can address any and all potential security threats. Even if this plugin
   were perfectly secure, there would be no guarantee that the next one you install
   will be.
 * Security is a combination of factors such as routine backup procedures, timely
   plugin updates and actively participating in your own WordPress blog security
   when you implement the security plugins you choose.
 *  Plugin Author [Michael Simpson](https://wordpress.org/support/users/msimpson/)
 * (@msimpson)
 * [9 years, 7 months ago](https://wordpress.org/support/topic/security-this-plugin/#post-7716711)
 * Fair enough. Prepared statements are used to protect against SQL injection.
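
The difference the thread turns on, shown as an added example that is not part of the original posts and is not the plugin's code (the plugin is PHP; this sketch assumes Python with an in-memory SQLite database). It reuses the `news` and `members` tables from the quoted cheat sheet with constructed rows, and compares a query built by string concatenation with the same query issued as a prepared statement.

```python
import sqlite3


def make_db():
    # Constructed sample data; table names follow the quoted cheat sheet.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news (header TEXT, txt TEXT);
        CREATE TABLE members (name TEXT, pass TEXT);
        INSERT INTO news VALUES ('Launch', 'Site is live');
        INSERT INTO news VALUES ('Editor''s note', 'Correction');
        INSERT INTO members VALUES ('admin', 'constructed-hash');
    """)
    return db


def find_news_concat(db, header):
    # Unsafe pattern: the input becomes part of the SQL text, so a quote
    # character in it can change the structure of the statement.
    sql = "SELECT header, txt FROM news WHERE header = '" + header + "'"
    return db.execute(sql).fetchall()


def find_news_prepared(db, header):
    # Prepared statement: the SQL text is fixed and the input is bound as
    # a value, so it is only ever compared against the header column.
    sql = "SELECT header, txt FROM news WHERE header = ?"
    return db.execute(sql, (header,)).fetchall()


# Constructed input shaped like the UNION example quoted in the thread.
UNION_INPUT = "x' UNION ALL SELECT name, pass FROM members --"

if __name__ == "__main__":
    db = make_db()
    print("concat,   union input:", find_news_concat(db, UNION_INPUT))
    print("prepared, union input:", find_news_prepared(db, UNION_INPUT))
    # A legitimate value containing a quote also breaks the concatenated
    # query, while the prepared one handles it.
    print("prepared, quoted value:", find_news_prepared(db, "Editor's note"))
    try:
        find_news_concat(db, "Editor's note")
    except sqlite3.OperationalError as exc:
        print("concat,   quoted value: error:", exc)
```

With the concatenated query the constructed input returns the `members` row; with the prepared statement it matches no header and returns nothing.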


The topic ‘Security & this plugin’ is closed to new replies.

 * 3 replies
 * 3 participants
 * Last reply from: [Michael Simpson](https://wordpress.org/support/users/msimpson/)
 * Last activity: [9 years, 7 months ago](https://wordpress.org/support/topic/security-this-plugin/#post-7716711)
 * Status: not resolved