If the Flamingo Plugin was installed alongside Contact Form 7 in order to save submitted forms to the database, then Flamingo would still save the data even when a submission was flagged as spam. With this change, spammy data is no longer saved to the database.
This vulnerability affects the following application versions:
- Contact Form 7 3.6
- Contact Form 7 3.7
- Contact Form 7 3.7.1
- Contact Form 7 3.7.2
- Contact Form 7 3.8
- Contact Form 7 3.8.1
- Contact Form 7 3.9
- Contact Form 7 3.9.1
- Contact Form 7 3.9-beta