Category Archives: Announcement

Avast security alert

In the past few hours a lot of Contact Form 7 users have reported that their security tools provided by Avast Software have given a security alert about Contact Form 7. In particular, the alert says it has found a Trojan Horse in one of the script files in the Contact Form 7 package.

I have confirmed no such malware exists in Contact Form 7, so I believe that it is probably a false alarm. So far we haven’t received any information from Avast about this case.

I’ll update this post when there is new information.

Call for Sendinblue module beta testers

The Sendinblue integration module for Contact Form 7 is under development. We plan to include this module into Contact Form 7 5.4, which will be released next February.

Are you interested in being one of the initial stage users of the module? We call for volunteer beta testers to try this module on their websites and report issues if they find bugs or room for improvement.

If it is OK for you to become a beta tester, please refer to the instructions on the GitHub repository page and download a plugin package for the module.

New official logo

I’m excited to present Contact Form 7’s official logo!

Contact Form 7 logo

This elegant, minimalistic logo was designed by Cheung Vong, an artist, designer, developer, and long-time user of Contact Form 7. For more than ten years since its beginning, Contact Form 7 has had no official logo. Now I can say proudly, “This is our logo!” Thank you for your great work, Cheung!

What’s the mountain?

The mountain seen in the icon is Mount Fuji. Because I have used Hokusai’s old print art as a temporary logo for many years, and users are familiar with the image, I asked the designer to continue using Mount Fuji as a motif in the new logo.

Heads-up about spreadsheet vulnerabilities

Vulnerabilities affecting spreadsheet applications like Microsoft Excel and OpenOffice Calc have been known to exist for over 5 years, and unfortunately they seem to be still unresolved.

While it is not a vulnerability of WordPress, or its plugins, because there must be so many users of our products who are at risk of these vulnerabilities, and the damage from it could be huge, I think I should write an article here to alert you of the issue.

Continue reading Heads-up about spreadsheet vulnerabilities

on_sent_ok Is Deprecated

The Additional Setting “on_sent_ok” is used to assign a JavaScript code that will be executed when a form submission completes and mail has been sent successfully. It is often used for the purpose of tracking form submissions with web analytics services or redirecting to another page after a form submission.

The “on_sent_ok” and its sibling setting “on_submit” are deprecated and scheduled to be abolished by the end of 2017. It’s not that using those settings is unsafe, but it’s possible that enabling them will increase risk in case there are vulnerabilities in this plugin or in other components of your site. It’s time to replace them with a safer alternative.

Update: on_sent_ok and on_submit have been officially removed from Contact Form 7 5.0.

Continue reading on_sent_ok Is Deprecated

HTML is not allowed in messages

In the Messages tab in a contact form editor screen, you can edit messages that Contact Form 7 displays in different situations. In the messages, you can only use plain text; do not use HTML tags and entities.

Allowing HTML in a message can be a security risk; Contact Form 7 4.4 and later forcibly strip HTML when displaying the message. Review the Messages tab to make sure that you don’t have any HTML there.

Continue reading HTML is not allowed in messages