Vulnerabilities affecting spreadsheet applications like Microsoft Excel and OpenOffice Calc have been known to exist for over 5 years, and unfortunately they seem to be still unresolved.
While it is not a vulnerability of WordPress, or its plugins, because there must be so many users of our products who are at risk of these vulnerabilities, and the damage from it could be huge, I think I should write an article here to alert you of the issue.
Continue reading Heads-up About Spreadsheet Vulnerabilities
Contact Form 7 protects your forms from spammers with several different spam protection modules such as Akismet, reCAPTCHA, and Comment Blacklist. These modules help a lot, but how can you know which module has blocked a submitted message and why the module has blocked it?
Continue reading Why Is This Message Marked “Spam”?
The “on_sent_ok” and its sibling setting “on_submit” are deprecated and scheduled to be abolished by the end of 2017. It’s not that using those settings is unsafe, but it’s possible that enabling them will increase risk in case there are vulnerabilities in this plugin or in other components of your site. It’s time to replace them with a safer alternative.
Continue reading on_sent_ok Is Deprecated
In the Messages tab in a contact form editor screen, you can edit messages that Contact Form 7 displays in different situations. In the messages, you can only use plain text; do not use HTML tags and entities.
Allowing HTML in a message can be a security risk; Contact Form 7 4.4 and later forcibly strip HTML when displaying the message. Review the Messages tab to make sure that you don’t have any HTML there.
Continue reading HTML is Not Allowed in Messages
We are currently seeing trouble reports in a specific pattern on the support forum. The most common issue is:
- After a form submission, they see “Failed to send your message” with a red border. Mail is not sent.
- They claim that the trouble started after upgrading to WordPress to 4.4.1.
Continue reading Red Border Error Issue on WordPress 4.4.1
This is an announcement for volunteer translators.
Thanks to your enormous effort, Contact Form 7 is now available in 64 languages. This is great, and I appreciate your contributions.
As you may already know, translate.wordpress.org (GlotPress) has been introduced as the translation infrastructure for WordPress and related projects. It added plugin translation support last year.
Plugin Translations on WordPress.org
Translating on translate.wordpress.org has a lot of advantages; for example, you can translate collaboratively to share the burden with other translators.
We are going to migrate translations to translate.wordpress.org.
Next time you update the translation, please do it on translate.wordpress.org. For the details of translate.wordpress.org, refer to the Translator Handbook. Also, I updated the instruction page for beginner translators.
Contact Form 7 4.4 is scheduled to be released next month. I’ll check the status of translations just before the release, and if there are languages that are 100% translated at the time, I’ll remove the corresponding language (.mo) files from the plugin package so that the translations on translate.wordpress.org are used preferentially.