Jetpack 5.6.1 Increases Security of the Contact Form Module

Jetpack has released version 5.6.1 which hardens the Contact Form module by improving permissions checking when updating a form's settings. In addition to security fixes, the character count for when Publicize publishes content to Twitter has been increased to 280.

This release also fixes a bug that disabled the ability to save widgets after removing a Widget Visibility rule. Users are encouraged to update as soon as possible, especially if you make heavy use of the Contact Form module.

Would you like to write for WP Tavern? We are always accepting guest posts from the community and are looking for new contributors. Get in touch with us and let's discuss your ideas.

1 Comment

  1. I’m confused how those changes to the contact form module improve security. It appears to be just adjustments to user permissions, but the contact form data is stored in the form of a shortcode, and the page being edited should control those permissions anyway.

    I’d already done a full audit of those code in there for a previous project. I didn’t think there were any problems in that section at the time, and I’m still confused as to how the change is an improvement. It seems to be just doing the same job twice, but perhaps I’m missing something obvious :/


Comments are closed.