<p>Contact Form 7 can manage multiple contact forms, plus you can customize the form and the mail contents flexibly with simple markup. The form supports Ajax-powered submitting, CAPTCHA, Akismet spam filtering and so on.</p> <h4>Docs and support</h4> <p>You can find <a href="https://contactform7.com/docs/" rel="nofollow ugc">docs</a>, <a href="https://contactform7.com/faq/" rel="nofollow ugc">FAQ</a> and more detailed information about Contact Form 7 on <a href="https://contactform7.com/" rel="nofollow ugc">contactform7.com</a>. When you cannot find the answer to your question on the FAQ or in any of the documentation, check the <a href="https://wordpress.org/support/plugin/contact-form-7/" rel="ugc">support forum</a> on WordPress.org. If you cannot locate any topics that pertain to your particular issue, post a new topic for it.</p> <h4>Contact Form 7 needs your support</h4> <p>It is hard to continue development and support for this free plugin without contributions from users like you. If you enjoy using Contact Form 7 and find it useful, please consider <a href="https://contactform7.com/donate/" rel="nofollow ugc">making a donation</a>. Your donation will help encourage and support the plugin&#8217;s continued development and better user support.</p> <h4>Privacy notices</h4> <p>With the default configuration, this plugin, in itself, does not:</p> <ul> <li>track users by stealth;</li> <li>write any user personal data to the database;</li> <li>send any data to external servers;</li> <li>use cookies.</li> </ul> <p>If you activate certain features in this plugin, the contact form submitter&#8217;s personal data, including their IP address, may be sent to the service provider. Thus, confirming the provider&#8217;s privacy policy is recommended. 
These features include:</p> <ul> <li>reCAPTCHA (<a href="https://policies.google.com/?hl=en" rel="nofollow ugc">Google</a>)</li> <li>Akismet (<a href="https://automattic.com/privacy/" rel="nofollow ugc">Automattic</a>)</li> <li>Constant Contact (<a href="https://www.endurance.com/privacy" rel="nofollow ugc">Endurance International Group</a>)</li> <li><a href="https://www.brevo.com/legal/privacypolicy/" rel="nofollow ugc">Brevo</a></li> <li><a href="https://stripe.com/privacy" rel="nofollow ugc">Stripe</a></li> </ul> <h4>Recommended plugins</h4> <p>The following plugins are recommended for Contact Form 7 users:</p> <ul> <li><a href="https://wordpress.org/plugins/flamingo/" rel="ugc">Flamingo</a> by Takayuki Miyoshi &#8211; With Flamingo, you can save submitted messages via contact forms in the database.</li> <li><a href="https://wordpress.org/plugins/bogo/" rel="ugc">Bogo</a> by Takayuki Miyoshi &#8211; Bogo is a straight-forward multilingual plugin that does not cause headaches.</li> </ul> <h4>Translations</h4> <p>You can <a href="https://contactform7.com/translating-contact-form-7/" rel="nofollow ugc">translate Contact Form 7</a> on <a href="https://translate.wordpress.org/projects/wp-plugins/contact-form-7" rel="nofollow ugc">translate.wordpress.org</a>.</p>

CVE History

CVE | Published | CVSS v2 | CVSS v3
CVE-2020-35489 | | 10 CRITICAL | 10 HIGH
The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
CVE-2018-20979 | | 9.8 CRITICAL | 7.5 HIGH
The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type.