hundreds-of-thousands-of-wordpress-sites-defaced-through-rest-api-vulnerability.jpg

5M Sites Running WordPress ‘Contact Form 7’ Plugin Open to Attack

Alex Swabey December 18, 2020 0 Comments

A critical unrestricted file upload bug in Contact Form 7 allows an unauthenticated visitor to take over a site running the plugin. Note: As of 18th December 2020 we have patched all hosted sites on our platform against the vulnerability. A patch for the popular WordPress plugin called Contact Form 7 was released Thursday. It fixes a critical bug that allows an unauthenticated adversary to...

Contact Form 7 switching to reCAPTCHA v3 for invisible spam protection

Chris Grant (he/him) January 15, 2019 0 Comments

Google's reCAPTCHA service protects your website against spam and other types of automated abuse. With Contact Form 7’s reCAPTCHA integration module, you can block abusive and junk contact form submissions and login attempts by spam bots that target pretty much any WordPress website on the internet. The latest version of the reCAPTCHA API is v3. Contact Form 7 5.1 and later uses reCAPTCHA...

Contact Form 7 abandons Google ReCaptcha V2, adopts Google ReCatpcha V3, causes SPAM chaos

Chris Grant (he/him) December 22, 2018 0 Comments

On Thursday, December 13, 2018 there was a new version (5.1) of Contact Form 7, one of the most popular WordPress plugins with over 5 million installations, released. The author/developer, Takayuki Miyoshi, decided to abandon Google ReCaptcha V2 and adopt Google ReCatpcha V3. You can learn about the versions here https://developers.google.com/recaptcha/docs/versions. This implementation forced...

Contact Form 7

Recent posts on our blog