Without much of a fanfare, Contact Form DB has moved off of the WordPress.org plugin platform and over to code repository service GitHub.com. You can still used Contact Form DB but to you need to do a one-time manual upgrade to make your WordPress website see the new plugin and get its updates in GitHub instead of WordPress.org

  1. Download the latest release from Contact Form DB Releases on GitHub as a zip file
  2. Uninstall Contact Form DB if you have version 2.10.29 or earlier
  3. Install the new version of the plugin via your WordPress plugins page by uploading the downloaded zip file
  4. Similarly install the GitHub updater plugin by downloading its .zip file and uploading via your plugins page.

Once done, you will be able to update Contact Form DB like normal by using the the plugins page on your WordPress site. Behind the scenes, the updates will now come from GitHub.

CSV injection vulnerability

Contact form 2.10.29 and below suffer from a CSV injection vulnerability, that could allow a malicious user to run code and make changes to your data when you open a CSV file of your Contact Form DB form data so upgrading is essential.

File Issue
Contact Form DB
Version: 2.10.29 or below
Contact Form 7 to Database Extension 2.10.32 – CSV Injection

  • Vulnerability type: UNKNOWN
  • This bug has been fixed in version: 2.10.36

We can help

If you need a hand to make the transition just get in touch and we’ll be happy to help!

Like

Feeling social? Share this with friends and colleagues...

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on skype
Skype
Share on whatsapp
WhatsApp
Share on email
Email