The EZCONTACTFORM Widget includes several security features to protect your forms and data:
- Server-side Validation: All form submissions are validated on our servers to ensure data integrity and prevent malicious input.
- CSRF Protection: Built-in protection against Cross-Site Request Forgery attacks.
- Domain Whitelisting: Submissions are only accepted from domains you've explicitly authorized in your EZCONTACTFORM dashboard.
- XSS Prevention: Automatic escaping of user input and configuration data.
We provide security updates for the following versions:
| Version | Supported |
|---|---|
| 1.11.x | ✅ |
| 1.10.x | ❌ |
| < 1.10 | ❌ |
We take the security of EZCONTACTFORM Widget seriously. If you believe you have found a security vulnerability, please report it to us as soon as possible.
Please do not open a public issue for security vulnerabilities. Instead, send an email to:
- A description of the vulnerability and its potential impact.
- Step-by-step instructions to reproduce the issue.
- Any relevant details about your environment (browser, OS, etc.).
- (Optional) A proposed fix or mitigation.
We will:
- Acknowledge receipt of your report within 48 hours.
- Investigate and verify the vulnerability.
- Work on a fix and keep you informed of our progress.
- Provide credit in our changelog (unless you prefer to remain anonymous).
Thank you for helping keep EZCONTACTFORM Widget safe for everyone!