Contact Form 7 5.9.2

Contact Form 7 version 5.9.2 is now available. This minor update release includes a security fix to address a medium severity Reflected Cross-Site Scripting vulnerability issue reported by Wordfence researcher Asaf Mozes. It also contains several other bug fixes and improvements. Upgrade to 5.9.2 as soon as possible.

Major changes

  • Submissions: Iterates over form-tags to format corresponding posted data.
  • SWV: Decodes HTML entities on registering an enum rule.
  • SWV: Filters out only explicit empty string values from enum options.
  • SWV: In the file context, properly calls WPCF7_SWV_Schema::validate() as a generator.

You can browse the full list of changes on GitHub.

Requires: WordPress 6.3 or higher
Tested up to: WordPress 6.5 RC1

» Download Contact Form 7 plugin from