Contact Form 7 version 5.9.2 is now available. This minor update release includes a security fix to address a medium severity Reflected Cross-Site Scripting vulnerability issue reported by Wordfence researcher Asaf Mozes. It also contains several other bug fixes and improvements. Upgrade to 5.9.2 as soon as possible.
Major changes
- Submissions: Iterates over form-tags to format corresponding posted data.
- SWV: Decodes HTML entities on registering an
enumrule. - SWV: Filters out only explicit empty string values from
enumoptions. - SWV: In the file context, properly calls
WPCF7_SWV_Schema::validate()as a generator.
You can browse the full list of changes on GitHub.
Requires: WordPress 6.3 or higher
Tested up to: WordPress 6.5 RC1