The extremely popular WordPress plugin, Contact Form 7, has recently issued an urgent update after a security vulnerability was found in older versions of the plugin.

What is the security issue?

‘An unrestricted file upload vulnerability has been found in Contact Form 7 5.3.1 and older versions. Utilizing this vulnerability, a form submitter can bypass Contact Form 7’s filename sanitization, and upload a file which can be executed as a script file on the host server.’ – CF7 Security Release.

This means that version 5.3.1 and older versions of the plugin could have this issue. It mainly concerns the field you can add to a form that lets a user upload a file. It was through this field that hackers found a way to bypass the security and send through malicious files.

This has now been fixed, and there are no security issues with the most updated version. Check your website now, and update.

Is Contact Form 7 secure?

Yes, as long as you update the plugin, there is nothing to worry about. Security breaches like these are quite rare, and Contact Form 7 is constantly being updated and checked.

How can I update the plugin?

To update your Contact Form 7 plugin (or any plugin), you will need to log into your WordPress website.

The latest version of Contact Form 7 is version 5.3.2.

Go to the ‘Plugins’ section on the left side.

Here you will see a list of all the plugins that are on your website. You will probably see a prompt to update the plugin from here.

If you don’t have a prompt, that means the plugin is already updated. You can see the version you have installed in the description.

Sometimes if you have old versions of a plugin, it might not show a prompt to update it. In this case, you may need to deactivate the plugin and re-install it.
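
If you look after several sites on one server, the same version check can be done from the command line instead of the dashboard. The script below is an added example, not from the plugin's author or the security release; it assumes the plugin sits at the standard path `wp-content/plugins/contact-form-7/wp-contact-form-7.php` with a standard `Version:` header line, and the site paths in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example: flag Contact Form 7 installs older than the fixed release.
FIXED_VERSION="5.3.2"   # latest version named in this post

# Print the "Version:" value from a WordPress plugin header file.
cf7_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Return 0 (true) when version $1 is strictly older than version $2.
version_lt() {
    [ "$1" = "$2" ] && return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" |
        LC_ALL=C sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# Report on one WordPress root directory.
# Returns 1 if an update is needed, 2 if the version could not be read.
check_site() {
    # Assumed standard plugin location inside the WordPress root.
    plugin="$1/wp-content/plugins/contact-form-7/wp-contact-form-7.php"
    if [ ! -f "$plugin" ]; then
        echo "$1: Contact Form 7 not installed"
        return 0
    fi
    ver=$(cf7_version "$plugin")
    if [ -z "$ver" ]; then
        echo "$1: version header not found, check manually"
        return 2
    fi
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "$1: Contact Form 7 $ver is older than $FIXED_VERSION, UPDATE NOW"
        return 1
    fi
    echo "$1: Contact Form 7 $ver is up to date"
}

# Usage (placeholder paths): sh check_cf7.sh /var/www/site1 /var/www/site2
status=0
for site in "$@"; do
    check_site "$site" || status=1
done
if [ "$#" -gt 0 ]; then exit "$status"; fi
```

The exit code is non-zero if any listed site still needs the update, so the script can be run from a scheduled job that alerts you.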

What is Contact Form 7?

Created by Takayuki Miyoshi, Contact Form 7 is a plugin you can add to your WordPress website. It lets you create various forms for your website to use as you please. It is one of the most popular plugins on WordPress, and is installed on over 5 million websites worldwide.

For example, my contact form is built with Contact Form 7.

Security Advice

It is quite rare that plugins have security issues like these, but popular plugins like Contact Form 7 are always updated quickly. The latest version of WordPress has an auto-update feature for plugins, so you can ensure all your plugins are the most recent versions.

It is always important to check the plugins you use on your website are from reputable sources, and are updated to work with the latest versions of WordPress. Always check periodically to see if you need to update your plugins.


For more News and Resources, check out my home page – phil-isherwood.co.uk.
