Contact Form 7 5.3.2 has been released. This is an urgent security and maintenance release. We strongly encourage you to update to it immediately.
An unrestricted file upload vulnerability has been found in Contact Form 7 5.3.1 and older versions. Utilizing this vulnerability, a form submitter can bypass Contact Form 7’s filename sanitization, and upload a file which can be executed as a script file on the host server. This issue has been reported by Jinson Varghese Behanan from Astra Security.
Continue reading Contact Form 7 5.3.2
The Sendinblue integration module for Contact Form 7 is under development. We plan to include this module into Contact Form 7 5.4, which will be released next February.
Are you interested in being one of the initial stage users of the module? We call for volunteer beta testers to try this module on their websites and report issues if they find bugs or room for improvement.
If it is OK for you to become a beta tester, please refer to the instructions on the GitHub repository page and download a plugin package for the module.
Contact Form 7 5.3.1 is now available. 5.3.1 has been confirmed to be compatible with WordPress 5.6.
Continue reading Contact Form 7 5.3.1
Contact Form 7 5.3 is now available. The long-awaited contact form selector block for Block Editor has been introduced. You can now flexibly format a date using more natural expressions. The default contact form template has been improved again. As well as these, 5.3 adds a lot of refinements. Upgrading immediately is recommended.
Continue reading Contact Form 7 5.3
Contact Form 7 5.2.2 is now available. This is a maintenance release that includes several improvements and bug fixes.
Continue reading Contact Form 7 5.2.2
WordPress 5.5 has introduced the auto-update feature for plugins and themes. Keeping plugins and themes updated to the latest version is a key factor in managing your WordPress site securely. We strongly recommend you enable auto-updates for the Contact Form 7 plugin, but you should also be aware that there are risks involved in the use of auto-updates.
Continue reading Heads-up about auto-updates
The development repository of Contact Form 7 has moved to GitHub. The GitHub repository lets you:
- Browse the code in development branches;
- Trace back through the development logs;
- Contribute to the development by reporting issues and making pull requests;
- And more!
The release repository will continue to be on the WordPress.org Plugin Directory’s SVN-based system as before.
Contact Form 7 5.2.1 is now available. This is a maintenance release that includes several improvements and bug fixes. Contact Form 7 5.2.1 is also the first release that has been tested with WordPress 5.5.
Continue reading Contact Form 7 5.2.1
Flamingo 2.2 is now available. 2.2 has been tested with WordPress 5.5, which is going to be released in a few weeks. Integration with Contact Form 7 has been much improved. I recommend that you upgrade to 2.2 soon.
Continue reading Flamingo 2.2
To access user input posted through a contact form, you can refer to PHP’s native global variable
Continue reading Accessing user input data
$_POST. Besides this, Contact Form 7’s
WPCF7_Submission class provides a different data source (
$posted_data) that can be used to access user input. What are the differences between
$posted_data? And which one should you use for your purpose?