Subscribing for follow-up
Any update after 2 weeks ?
Please let us know.
If the security bug or vulnerability is already on those platforms, then I already know about it. They notify me now and provide me with additional report details and technical support as the developer responsible for patching it.
To stay updated on this particular report, please see this article here on my website or send me an email. I do not disclose vulnerability report details publicly for security purposes so if that is what you’re looking for, an email is best.
Patchstack reviewed the patch submitted in version 5.0.5 on March 24, 2026, and marked it as incomplete, meaning the immediate vulnerability has been patched but the security around it could be hardened even more. These additional security features will be added in the upcoming version 6 of Contact Form 7 – Dynamic Text Extension. I do not yet have a timeline for its release.
—April 8, 2026
For the security of all users, please do not report security bugs or vulnerabilities in these support forums. Instead, use either the Wordfence Intelligence Vulnerability Submission Form or the Patchstack Vulnerability Disclosure Program. Both platforms will assist you with verification, CVE assignment, and notify me.
