If you use the WordPress Contact Form DB plugin you need to manually upgrade

Without much fanfare, Contact Form DB has moved off the WordPress.org plugin platform and over to the code repository service GitHub.com. You can still use Contact Form DB, but you need to do a one-time manual upgrade so that your WordPress website sees the new plugin and gets its updates from GitHub instead of WordPress.org.

  1. Download the latest release from Contact Form DB Releases on GitHub as a zip file
  2. Uninstall Contact Form DB if you have version 2.10.29 or earlier
  3. Install the new version of the plugin via your WordPress plugins page by uploading the downloaded zip file
  4. Similarly install the GitHub updater plugin by downloading its .zip file and uploading via your plugins page.

Once done, you will be able to update Contact Form DB like normal by using the plugins page on your WordPress site. Behind the scenes, the updates will now come from GitHub.

CSV injection vulnerability

Contact Form DB 2.10.29 and below suffer from a CSV injection vulnerability that could allow a malicious user to run code and make changes to your data when you open a CSV file of your Contact Form DB form data, so upgrading is essential.

File Issue
Contact Form DB
Version: 2.10.29 or below
Contact Form 7 to Database Extension 2.10.32 – CSV Injection

  • Vulnerability type: UNKNOWN
  • This bug has been fixed in version: 2.10.36

We can help

If you need a hand to make the transition just get in touch and we’ll be happy to help!