After the security vulnerability kerfuffle that I reported on the other day regarding my beloved Contact Form 7 plugin, the plugin author has released an update which contains the necessary security fixes. Based on the changes, we can see that the security problem lay in the fact that the previous version did not apply default restrictions for file types and file sizes.
This version applies default restrictions for file type and file size when you do not set the filetypes and limit (file size) options explicitly. Default acceptable file types (extensions) are: jpg, jpeg, png, gif, pdf, doc, docx, ppt, pptx, odt, avi, ogg, m4a, mov, mp3, mp4, mpg, wav, and wmv. Default acceptable file size is 1 MB (1048576 bytes).
You can grab the new version from the plugin homepage or from the WordPress plugin repository.
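To make the fail-closed behaviour described above concrete, here is an added sketch (not Contact Form 7's own code) of an upload check that falls back to the listed defaults when no options are set. The function name `check_upload` and the option format (an array of extensions for `filetypes`, an integer byte count for `limit`) are assumptions made for illustration.

```php
<?php
// Added illustration; not the plugin's code. Default values are the ones listed in the post.
const DEFAULT_FILETYPES = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'doc', 'docx', 'ppt', 'pptx',
    'odt', 'avi', 'ogg', 'm4a', 'mov', 'mp3', 'mp4', 'mpg', 'wav', 'wmv'];
const DEFAULT_LIMIT = 1048576; // 1 MB

/**
 * Hypothetical validator. $options uses the "filetypes" and "limit" option names
 * from the post; their format here is an assumption. Returns a list of errors.
 */
function check_upload(string $name, int $size, array $options = []): array
{
    // A missing or empty option falls back to the default instead of allowing anything.
    $types = !empty($options['filetypes']) ? $options['filetypes'] : DEFAULT_FILETYPES;
    $limit = !empty($options['limit']) ? (int) $options['limit'] : DEFAULT_LIMIT;
    $types = array_map('strtolower', $types);

    $errors = [];
    // Drop any client-supplied path, then compare the final extension case-insensitively.
    $base = basename(str_replace('\\', '/', $name));
    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if ($ext === '' || !in_array($ext, $types, true)) {
        $errors[] = "file type not allowed: '$ext'";
    }
    if ($size <= 0 || $size > $limit) {
        $errors[] = "file size $size outside 1..$limit bytes";
    }
    return $errors;
}

// Constructed sample uploads: name, size in bytes, form options.
$samples = [
    ['report.PDF', 20000, []],                      // default type, under 1 MB
    ['page.php', 512, []],                          // not in the default list
    ['video.mp4', 5000000, []],                     // allowed type, over the default limit
    ['video.mp4', 5000000, ['limit' => 10485760]],  // explicit 10 MB limit
    ['notes.txt', 100, ['filetypes' => ['txt']]],   // explicit type list
    ['README', 100, []],                            // no extension at all
];
foreach ($samples as [$name, $size, $opts]) {
    $errors = check_upload($name, $size, $opts);
    echo str_pad($name, 12), $errors ? 'REJECT: ' . implode('; ', $errors) : 'ACCEPT', PHP_EOL;
}
```

An extension check only constrains the file name, so it complements rather than replaces storing uploads where the web server will not execute them.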
Donations:
Last night, I donated $20.00 to the author of Contact Form 7 to bring his total up to $100.00. Not only is it a great plugin, but I wanted to send a token of appreciation for fixing the plugin so quickly. I noticed that many other people use this plugin as well and if you can spare a dollar or two as a donation, I highly encourage it. This marks the third donation I’ve given to a plugin author. If WPTavern can ever pay the bills while having cash left over, I’d use that to donate to plugin authors of the plugins I use on this site.
Jeffro, thanks so much for this post and donation for Contact Form 7. I appreciate the concern :)