Contact Form 7 5.8.4

Contact Form 7 version 5.8.4 is now available. This minor update release addresses a medium severity security issue recently reported.

A vulnerability related to file uploading was reported by Wordfence vulnerability researcher István Márton. To avoid the security risk, upgrade Contact Form 7 to 5.8.4 or later as soon as possible.

In the report it is pointed out that an add-on plugin called “Redirection for Contact Form 7” deliberately disables the safety mechanism of Contact Form 7, and, as a result, amplifies the risk of the vulnerability. Considering the maliciousness that this fact implies, and the prominent number of vulnerabilities reported about this plugin in the past, we strongly recommend you stop using the “Redirection for Contact Form 7” (wpcf7-redirect) plugin.

Requires: WordPress 6.2 or higher
Tested up to: WordPress 6.4.1

» Download Contact Form 7 plugin from WordPress.org

You can browse the full list of changes on GitHub.