Ninja Forms – The Contact Form Builder That Grows With You Plugin

Forms that grow with your business

As one of WordPress’ oldest form builders, we’re proud to serve users from around the world, from all walks of life, and from different stages of online growth. From the small businesses and local nonprofits that make up the core Ninja Forms user base to universities, hospitals, and even Fortune 500 companies, we’ll scale with you from startup to wherever you’re aiming for.

We’re committed to offering as many free, open source tools as we can get away with to back you up in the extremely price-conscious early days. As you grow, pick and choose only the premium features you need as you need them. We’ll grow with you from there for as far as you want to take us.

We’re also committed to respecting your privacy and time. No unsolicited emails or aggressive marketing. No paywalling basic features or scraping private data. We offer a fully staffed team of support experts and a comprehensive library of plugin documentation for all users, free and paid, to help keep you collecting the submissions that move your business forward.

We look forward to seeing where you’ll take us!

All the basics without the paywalls

When you’re starting out, even little expenses add up quickly. That’s why Ninja Forms core will always be free and open source. It’s why we try to offer as much in core as we can to cover your basic needs at no cost. Here’s a peek at some of what core has to offer.

Form Building Features
– 24+ FREE drag-and-drop form fields
– Customize fields with default values, specialty text, and much more
– Favorite and reuse any customized field
– Calculations: assign values to fields and calculate totals
– Merge tag system for pre-populating fields and passing field data between forms
– Configurable per-field submission storage for easy GDPR compliance
– Email notifications on submission (as many as you like, free!)
– Customizable success messages (supports links and downloads!)
– Redirect to new page after submission
– Customize callbacks to WP action hooks on submit
– Spam Protection: full integration with Google reCAPTCHA & Akismet
– Configurable form display settings
– Form restriction settings
– Unique field validation
– Unlimited forms & submissions
– Form Templates
– Form Import / Export
– Shareable forms (share the form via link without it being attached to a page)
– No aggressive marketing, pushy review asks, constant popups, or unsolicited emails
– Responsive and mobile friendly
– SEO friendly

Submission Management Features
– Unlimited FREE submissions
– Configurable submissions display
– Search and filter by field
– Search and filter by submitted value
– Search and filter by submission date
– Edit submitted values
– Refire any email notification from any submission
– Export to CSV
– Bulk submissions export
– Automated WordPress GDPR integration for export & delete data requests
– Mark fields as PII and selectively not store specific data
– All submissions stored locally on YOUR server only unless you specify otherwise
– We never see or collect your field or submission data

Dozens of buildable form types
– Contact form
– Email form
– Calculation form
– Lead form
– Quiz form
– Mortgage or Payment Calculator forms
– Quote and Cost Calculator forms
– Health and Fitness Calculator forms
– Polling form
– Survey form
– Lead Magnet Download form
– Event Registration form
– Sales form
– Appointment form
– Booking form
– Entry form
– Order form
– Lesson Plan form
– Job Application form
– RSVP form
– Request form
– Feedback form
– Support form
– GDPR Export or Delete Data Request forms
…and many more!

You get more than just a plugin
– Fully documented
– Regular updates
– FREE technical support
– Privacy and security minded
– Accessibility focused
– Translated into 24+ languages by the WordPress Polyglots team
– Long term partners of WPML for even more translations!
– Ecosystem aware: we know it’s not just you and Ninja Forms. We do our best to communicate and play nice with others.

Pick and choose just what you need as you need it

As you start to grow, so does what you need out of your forms. But there’s no need to dive into the deep end right away and spend more than is practical. All premium features are contained in add-ons to the core form builder and can be purchased independently. When you find yourself wanting just one or two things, you can grab just what you need without paying for extras.

When you’re ready for more, our membership plans bundle popular features together in budget friendly packages.

Select from 40+ add-ons across multiple categories:

Advanced Form Features
– Advanced Datepicker
– Conditional Logic
– File Uploads
– Layout & Styles
– Multi Step Forms
– Save Progress
– User Analytics
– User Management

Submissions Extended
– Excel Export
– Front End Posting
– PDF Form Submissions
– Scheduled Submissions Export

Accept Payments
– Authorize.net
– Elavon
– PayPal official partner
– Recurly
– Stripe

Email Marketing
– Active Campaign
– AWeber
– Campaign Monitor
– CleverReach
– Constant Contact
– ConvertKit
– EmailOctopus
– Emma
– Mailchimp
– MailPoet

CRMs
– Capsule
– CiviCRM
– HubSpot *official partners
– Insightly
– OnePageCRM
– PipelineDeals
– Salesforce
– Zoho CRM

Notifications & Workflow
– ClickSend SMS
– Help Scout
– Slack
– Trello
– Twilio SMS

Automation
– Webhooks
– Zapier official partners

The sky’s the limit on what you can build with add-on features, but here are some of the most popular forms we see in the wild:

• Payment forms
• Donation forms
• Signup forms
• User Registration form
• Newsletter forms
• CRM forms
• User Registration form
• Login forms
• Upload forms
• Google Sheets forms
• Post Creation forms

Notes

We’ve been standing by our product and our users for over a decade, working to make your experience the best it can be. We’re one of the only form builders around that offers support for all users, whether you’ve made a purchase or not.

If you have any questions or suggestions, we’re always happy to hear from you. We have a dedicated support team with team members that span four continents standing by to help with technical questions every Monday to Friday. General feedback is always welcome too. It’s a big part of how we figure out what to do next, so chime in any time!

You’ll always have a direct line to us right here!

Additional Branding and Trademark Information

Ninja Forms® is a registered trademark of Saturday Drive INC. We are a WordPress forms or WP forms builder, not to be confused with the independent WPForms brand for WordPress. All official Ninja Forms add-ons and memberships can be found on our official website, ninjaforms.com.

This section describes how to install the plugin and get it working.
1. Upload the ninja-forms plugin folder to your /wp-content/plugins/ directory
2. Activate the plugin through the ‘Plugins’ menu in WordPress
3. Visit the ‘Ninja Forms’ menu item in your admin sidebar

Further Installation Documentation

1. 

   The most intuitive and beautiful form building experience

2. 

   Field Options

3. 

   Advanced Settings

4. 

   Beautiful Forms Every Time!

3.8.8 (22 July 2024)

Bug Fixes:
– Ensure submissions page and Append Ninja Form block are visible on WP 6.6

Other:
– Update readme ‘tested up to’ and ‘requires at least’

3.8.7 (15 July 2024)

Bug Fixes:
– prevent licensing CSRF

3.8.6 (8 July 2024)

Bug Fixes:
– prevent deprecated false to array notice in preview
– prevent undefined array key ‘plugin’ warning in class extension updater
– prevent invalid date error when setting default date format to “j F Y” on non-English languages

Other:
– automated test for version number
– update wordpress library packages
– add documentation links to settings in the form builder

3.8.5 (13 June 2024)

Bug Fixes:
– Protect preview query parameters

3.8.4 (28 May 2024)

Bug Fixes:
– Ensure first name field populates only first, not full, name
– Enable personally identifiable setting outside of dev mode
– Add merge tags ‘other’ for random, year, month, day

Other:
– Set version resolutions for certain packages
– Improve discoverability of available actions
– Update marketing feed

3.8.3 (1 May 2024)

Bug Fixes:
– Ensure fieldset repeaters function on index values ending in 0 (10, 20, etc)

Other:
– Update tests to run on 6.5.2

3.8.2 (29 March 2024)

Bug Fixes:
– Allow default span tags in form labels

= 3.8.1 (27 March 2024)
Bug Fixes:
– Ensure submission exports can’t be called from any unintended pages
– Prevent injected scripts into submit button and advanced labels
– Prevent XSS on image lists

Other:
– Update add-on images

= 3.8.0 (20 February 2024)
Features:
– Add ‘referer URL’ merge tag

Bug Fixes:
– Prevent display error when date format is not set
– Ensure current date stored when default is not modified
– Ensure translation of date strings

Other:
– Add user help text and images
– Add automated tests

= 3.7.3 (12 February 2024)
Bug Fixes:
– Update code for PHP 8.3

Other:
– Add in-app documentation text and links
– Add scroll bar for long vertical content

= 3.7.2 (29 January 2024)
Bug Fixes:
– Prevent form display on password protected page
– Sanitize email address on data export request; responsibly reported by stealthcopter via Wordfence

= 3.7.1 (23 January 2024)
Bug Fixes:
– Prevent deprecated warning from license updater
– Ensure date picker calendar view honors date range year limits
– Improved management of submission expiration request
– Prevent autocomplete on fields set to disable autocomplete
– Prevent error when fetching add-on list

Other:
– Add second “Add New Field” control for enhanced user experience
– Update JS libraries
– Update WP scripts and block utilities
– Update UTM links

= 3.7.0 (07 November 2023)
* Features:*
– Ability to preserve ‘extra’ data after redirect

• Bug Fixes: *

• Ensure extra data on CSV export is in correct chronological order

• Other: *

• Updated end to end test

= 3.6.34 (11 October 2023)

• Bug Fixes: *
• Prevent script triggers in field labels

• Ensure needed export data present before action

• Other: *

• Update to country list
• Close notice from bulk export results

= 3.6.33 (3 October 2023)

• Bug Fixes: *
• Error re-triggering email action when PDF is active
• Display anonymized repeater field data in submissions
• Error on missing class name
• Remove Max-width CSS being applied to form content

• misspelled text fixes

• Other *

• Dependencies bumps= 3.6.32 (21 September 2023)

• Bug Fixes: *

• rePrints data on the template for the frontend in order to prevent conflicts with other plugins
• checks if the description of fields in the builder is set before running trim

= 3.6.31 (19 September 2023)

• Bug Fixes: *

• Fixes form not displaying and form stuck on processing from jQuery trim() failure on non-string

• Other: *

• Remove old promotions banner

= 3.6.30 (14 September 2023)

• Bug Fixes: *
• Form should now submit properly if submit button label and processing label match.

• Ensure forms display on themes using wp_localize_script

• Other: *

• Remove support for NF 2.9
• JS dependency updates: update to React 18, WordPress block editor/scripts/server side render/i18n, babel-jest, core-js

= 3.6.29 (16 August 2023)

Bug fixes:
* Fix submission retrieval error missing submissions within time stamp on date
* Ensure 7.4-required functionality doesn’t trigger warnings

Other:
* Update library for autonumeric, WP scripts
* Update tested up to, now 6.3 was 6.2.2

= 3.6.28 (06 July 2023)

Bug fixes:
* Correct issue that prevented form deletion

= 3.6.27 (04 July 2023)

Bug fixes:
* Use static call for class name for PHP 7 support

= 3.6.26 (04 July 2023)

Other:
* Ensure minimum required version on packages

Security Enhancements:
* Prevent unauthorized download of submission
* Prevent scripts in dashboard field labels; responsibly reported by Sayandeep Dutta
* Prevent front-facing label scripts; responsibly reported by Jonathon Zamora & WordPress.org
* Prevent excess extra data through automated form submission
* Prevent override access where not permitted

= 3.6.25 (14 June 2023)
Bug Fixes:
– Remove duplicate radio bubble on opionated styles mobile
– Restrict delete file route to uploads directory

Other:
– Bump @wordpress/jest-preset-default from 10.9.0 to 11.4.0 #6579
– Bump core-js from 3.30.1 to 3.30.2 #6578
– Bump axe-core from 4.7.0 to 4.7.1 #6577
– Bump @wordpress/components from 23.9.0 to 24.0.0 #6576
– Bump @babel/core from 7.21.5 to 7.21.8 #6575
– Prototype Pollution in lodash
– Regular Expression Denial of Service in trim
– glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex
– Uncontrolled Resource Consumption in trim-newlines
– Inefficient Regular Expression Complexity in nth-check

= 3.6.24 (12 May 2023)
Bug Fixes:
– Prevent bypass of required field with modified data
– Prevent datepicker to break the view when set with 0 minutes increment
– Prevent Submit button to double submit a form

= 3.6.23 (26 April 2023)
Bug Fixes:
– Ensure HTML fields load merge data
– Add fieldset repeater uploads to CSV and emails

= 3.6.22 (20 April 2023)
Bug Fixes:
– Prevent possible XSS vulnerability

= 3.6.21 (12 April 2023)
Bug Fixes:
– Ensure cron_interval value is integer
– Ensure option definition value has fallback value
– Ensure cache update process doesn’t break on errant stored data
– Replace deprecated use of self in callable
– Use form Id to filter field searches for faster response

= 3.6.20 (14 March 2023)
Bug Fixes:
– Error management in Repeater fieldsets (fields inside repeater fieldsets now respond to frontend validation)
– Display repeater field data in HTML field via merge tags
– Include Repeater data in CSVs when the repeater wasn’t repeated
– Display repeater data in retrigger email actions (and its CSV)
– Display Correct repeater child fields labels in emails
– Display repeater description on form
– Ensure correct rendering of date field in repeaters
– CSVs now display repeaters data as one row for each fieldset

Fixes for extensions:
– Save progress display repeater field without errors
– Multi-part compatibility display repeater field, with merge tags and data saved correctly

= 3.6.19 (22 February 2023)
Bug Fixes:
– Migrate/update jBox library
– Ensure language filter results are passed to downstream filters
– Prevent non-string math error

Other:
– Add version checks for extensions

= 3.6.18 (16 February 2023)
Bug Fixes:
– Prevent deprecated warning null preg_match_all
– Ensure empty form does not throw error on preview
– Ensure array for currency doesn’t throw fatal error
– Declare previously undeclared properties (PHP 8)
– Prevent undefined array key error
– Ensure missing key in recaptcha field doesn’t fail

= 3.6.17 (8 February 2023)
Bug Fixes:
– Ensure HTML injected in label is sanitized
– Correct typo in date format for option DD/MM/YYYY
– Ensure GMT offset setting does not prevent submissions page display
– Prevent deprecated notice on empty merge tag “other”
– Prevent deprecated notice for jsonSerialize
– Prevent deprecated notice for passing null value

= 3.6.16 (18 January 2023)
Bug Fixes:
* Import buffer class to re-enable download as PDF
Other Enhancements:
* Add code coverage reporting

3.6.15 (10 January 2023)

Bug Fixes:
* Resolves add-on manager fatal error
* Prevents image in HTML loading error for WP 6.1
* Correct multiple accessibility warnings
* Enables empty step in number field
* Enables default zero value
Other Enhancements:
* Update ‘tested to’
* Set resolutions to prevent vulnerable child dependencies

3.6.14 (2 September 2022)

Bug Fixes:
* Fixes an issue with trailing commas
* Fixes an issue for some users on PHP7.4 and below.
Other Enhancements:
* Update ‘tested to’

3.6.13 (30 August 2022)

Bug Fixes:
* Prevent object wakeup in unserialize
* Correct errant variable name is submissions check
Other Enhancements:
* Smart suggestions for extensions
* Update ‘tested to’

3.6.12 (22 June 2022)

Bug Fixes:
* Fixed naming collision with reCaptcha cookie check
* HTML re-enabled in field labels for users with correct capabilities
* Removed orphaned repeater field setting from advanced settings
* Fixed form imports for non-UTF-8 encoded files

3.6.11 (14 June 2022)

Security Enhancements
* Apply more strict sanitization to merge tag values

3.6.10 (07 June 2022)

Bug Fixes:
* Retrigger emails from Submissions page if form only has 1 Email Action
* Invalid Date message triggered by Date Picker Field
* Typo in Delete Form popup
* Importing a form sets the Step value of any Number field to 1, regardless of the Export value
* Front End Checkbox/Radio lists are not keyboard accessible
* Form Preview Page does not work in themes that enable full site editor
* Public link not working in some themes
* Checkbox Fields with a checked calc value of 0 evaluate to 1 in JS
* Activating Layouts & Styles removes merge tags from email actions until the form is republished
* Trigger error when cookies for reCaptcha v3 were not allowed ( Implemented with hooks )
* Submissions page select dates filter restored

Security Enhancements
* Improve escaping on field template labels and values reported responsibly by Ryan at WP Scan
* Improve sanitization of label values
* Improve authorization check for field imports

3.6.9 (24 March 2022)

Bug Fixes:
Restore “Download All Submissions” functionality

= 3.6.8 (14 March 2022)

Bug Fixes:
Correct Repeatable Fieldset CSV output, was Array Array Array
Add “Trash” view to React submissions page
Fix broken submission view when Date field added to converted CF form

Security Enhancements
Remove CSV temp files stored in publicly accessible location, reported responsibly by Agence Web Coheractio – Paris at https://www.coheractio.com

= 3.6.7 (30 November 2021)

Bug Fixes:

• Fix Danish/Finnish language halts submissions page display
• Exclude confirm field from submission data
• Scroll list fields to prevent extremely tall rows
• Correctly display checkbox value in submission table
• Fix PHP warning on column control
• Remove note, html, submit, confirm fields from CSV export
• Use set date format on CSV export
• Prevent XSS in form title

= 3.6.6 (15 November 2021)

Bug Fixes:

• Rename ‘store submission’ to record submission’
• Enable extra data column headers in CSV export
• Use admin labels in tables and export

= 3.6.5 (04 November 2021)

Bug Fixes:

• Ensure submission column selections are remembered for next viewing
• Ensure date time is properly displayed in submission popup editor
• Display calculations metabox in submissions
• Add temporary submissions page rollback option
• Fix failing search results on submissions page
• Ensure checkbox displays correct value, not always ‘checked’

= 3.6.4 (25 October 2021)

Bugs:

• Prevent data timeout error by reducing size of initial submission request
• Prevent SQL injection from field key
• Prevent overwriting of ConvertKit action name during import
• Ensure forms that don’t have email actions appear in submission page list

= 3.6.3 (18 October 2021)

Bugs:

• Update submission link on form dashboard
• Check for CF database before adding CF data source

= 3.6.2 (12 October 2021)

Bugs:

• Ensure submissions appear when timezone setting puts submission ahead of current timestamp

= 3.6.1 (11 October 2021)

Bugs:

• Move sequence id from submission editing to metadata
• Use correct popup for autogenerate Add New modals

Changes:

• Ignore build files from commit

= 3.6.0 (04 October 2021)

Changes:

• Enable display of Caldera Forms submissions in Ninja Forms submission table

Bugs:

• Prevent button field from being used through search function

3.5.8.4 (14 June 2022)

Security Enhancements
* Apply more strict sanitization to merge tag values

= 3.5.8.3 (22 September 2021)

Bugs:

• Ensure sanitized values enables spaces between classNames

= 3.5.8.2 (21 September 2021)

Bugs:

• Ensure cached value of form is stored with sanitized value

= 3.5.8.1 (15 September 2021)

Bugs:

• Resolved security vulnerability of admin+ stored XSS on form design

= 3.5.8 (07 September 2021)

Bugs:

• Resolved security vulnerability in the submissions route. Responsibly reported by Chloe Chamberland at Wordfence.
• Resolved an issue that rarely caused submission to fail on forms containing a multiselect field.

Changes:

• Updated several of our build dependency packages.
• Automated build and deploy to SVN.

3.5.7 (5 July 2021)

Bugs:

• Resolved an error that was causing the plugin to crash on sites using a PHP version below 7.0.

3.5.6 (29 June 2021)

Bugs:

• Bulk resend email should now properly populate the email subject line instead of using a default value.
• Repeatable fieldset data should now display properly in the submission block.
• Corrected an issue that was preventing forms from displaying when repeatable fieldsets contained a date field, a rich text enabled paragraph field, or a field with a custom mask.
• When set, the submission limit should now be properly enforced on submissions made via forms loaded before the limit was reached.
• Move to trash should once more be available in the bulk actions on the submissions page.

3.5.5 (07 June 2021)

Changes:

• Added support for Google Recaptcha V3.
• Added a new option to resend email actions from the submissions table.
• Added the ability to export multiple form submission CSVs at once.
• Escape query args for enhanced security – Responsibly reported by Erwan at WP Scan

Bugs:

• Fixed a bug that caused an extra : to be shown in the date field on older forms.
• Fixed a bug with field settings that caused some settings to not show when they should have.
• Multiple Recaptchas on the same page should work properly.

3.5.4 (21 April 2021)

Changes:

• The Date Field is now the Date/Time Field. This field now allows for Date, Time, and Date & Time selection.

Bugs:

• Fixed a bug that caused ReCaptcha fields to fail if more than one appeared on the page.
• Fixed a conflict with iThemes that was causing a fatal error.

3.5.3 (1 April 2021)

Changes:

• Final deprecation phase of Ninja Forms 2.9x codebase.

3.5.2 (24 March 2021)

Changes:

• Removed some legacy settings that were no longer required for new installs.

Bugs:

• Resolved an issue that was causing errors when Array values were used in API requests.
• The Ninja Forms block should now fill the entire width of the block editor.
• Fixed an error that was causing a depreciated method warning when using the classic editor.
• Forms should now display again in Internet Explorer 11.
• Resolved an issue that was causing the Ninja Forms dashboard to crash if there was an issue with wp_cron.
• Fixed some PHP warnings related to our checkbox list field.

3.5.1 (17 February 2021)

Bugs:

• Resolved an issue that was always causing required checkbox list fields to throw a required error on submission.
• The Ninja Forms block should now properly display the form in the page editor if WordPress has been installed in a subdirectory.
• Cleaned up a few notices and warnings that were displaying on sites running PHP 8.

3.5.0 (15 February 2021)

Changes:

• Repeatable Fieldsets have arrived! For a quick look at how to get those setup, check out our new documenation for them.

Bugs:

• Our block editor code should now only load on pages where it is actually needed, leading to less page load time in the admin dashboard.

3.4.34.2 (14 June 2022)

Security Enhancements
* Apply more strict sanitization to merge tag values

3.4.34.1 (8 February 2021)

Security:

• Added a missing permissions check in our services connection manager reported responsibly by Chloe Chamberland at Wordfence.
• Patched a potential XSS vulnerability in our querystring merge tag.
• Added a missing filter that should have been excluding some personal information fields from the CSV attachment on Email Actions.

3.4.34 (25 January 2021)

Bugs:

• Forms should once again load properly in Internet Explorer 11.
• Single checkbox fields should now properly display their values in the submission table.
• Updated our dashboard styling to resolve an issue where some translations were resulting in action buttons being obscured.
• Restored drag and drop functionality for adding fields in the form builder.

Security:

• Patched a couple of vulnerabilities in our services oAuth controller reported responsibly by Chloe Chamberland at Wordfence.

3.4.33 (9 December 2020)

Bugs:

• Cleaned up a few conflicts with WordPress version 5.6.
  • Toggle switches in the form builder should now be working as expected.
  • Pre-selected options for lists should now persist properly in the form builder.
  • Element styling of some buttons should properly reflect the active or inactive status of the button.

3.4.32 (16 November 2020)

Bugs:

• Patched an issue with our new date field library that was causing it to display improperly on some mobile devices.

3.4.31 (12 November 2020)

Changes:

• Our date field library has been updated! For you developer types out there, we’ve switched from pikaday to flatpickr.
• Updated some of our form builder scripts in preparation for WordPress 5.6.

Bugs:

• Fixed a visual issue that sometimes allowed the Ninja Forms Dashboard view to extend beyond the width of the browser window.
• Resolved an error that sometimes caused an error message to appear when loading the Dashboard for the first time on a new installation.
• Resolved an error in our termslist field that caused the form builder to crash if you opened a form that was previously mapped to a term that had been deleted.
• Resolved an error that was sometimes causing PDF exports or emails with PDF attachments to fail.

3.4.30 (22 September 2020)

Bugs:

• Resolved an issue that was causing a fatal error on sites running PHP 5.6 or older.

3.4.29 (18 September 2020)

Bugs:

• Added missing dependency for our blocks.

3.4.28 (18 September 2020)

Changes:

• The Views Table Block has arrived!
• Updated the Ninja Forms Block to be more in-line with current Gutenberg conventions.
• Improved the efficiency of submission limit checks.
• The SendWP service can now be linked to the Ninja Forms dashboard.
• Apps & Integrations are now grouped by category for easier sorting.
• Updated color contrast of the form builder to be WCAG compliant.
• Custom Action now requires developer mode to be enabled.
• Updated the File Upload form template.

Bugs:

• Corrected improperly named filter for save action settings.
• Cleaned up some improperly escaped code on our get help page.
• Updated graphics associated with our add-ons to make them display properly.
• Corrected an issue that was causing the password field on our settings page to not properly save values.
• Increased the priority of our form builder class to ensure it properly loads over other elements on the page.
• Field duplication no longer improperly updates the target of calculations.
• Corrected the order of our submenu items.

Security:

• Added escaping for HTML content of fields in the submissions table.

3.4.27.1 (17 September 2020)

Security:

• Patched a CSRF vulnerability in our services integration reported responsibly by Slavco Mihajloski.
• Patched a validation bypass vulnerability in our email field.

3.4.27 (9 September 2020)

Bugs:

• Resolved an issue that sometimes caused the merge tag menu to not open properly in the form builder.

3.4.26 (25 August 2020)

Bugs:

• Sites with WP_DEBUG enabled should no longer display a deprecated parent error on PHP version 7.4.
• Resolved an issue that was preventing our Screen Options settings from being saved on the submissions page.

3.4.25 (12 August 2020)

Bugs:

• Resolved an issue that caused settings changed with a toggle switch to not be saved on WordPress 5.5.

3.4.24.3 (21 May 2020)

Security:

• Patched an HTML injection vulnerability in our deprecated 2.9x codebase reported responsibly by Dave Job.

Bugs:

• Corrected an error in our required field validation that was allowing targeted spam through the submission process.

3.4.24.2 (28 April 2020)

Security:

• Fixed Cross-Site Request Forgery(CSRF) to stored Cross-Site Scripting(XSS) reported responsibly by Ramuel Gall (Wordfence Threat Intelligence Team).

3.4.24.1 (5 March 2020)

Security:

• Patched an HTML injection vulnerability in our merge tag system. Many thanks to Tom Standley at ContainCo for practicing responsible disclosure.

3.4.24 (2 March 2020)

Bugs:

• User permission filters should now work as expected.
• Select image fields should now work properly when dev mode is disabled.
• Resolved an error that was causing php warnings on some API calls.
• Email settings should now properly read email addresses surrounded by <> characters.
• Resolved an error that was causing deprecated function warnings in php error logs.
• Forms with calculations should now display properly on sites using a “formal” language setting.
• Export should now properly appear as an option in the bulk actions on the submissions page.
• Resolved an error that was preventing the add-on manager from installing plugins.

Changes:

• Add-on updates will now enforce php requirements if the current version on the installation is below the minimum for the add-on.

3.4.23 (12 February 2020)

Security:

• Patched a delayed XSS vulnerability in our email action.
• Hardened the authorization security on our settings page.
• Patched a stored XSS vulnerability on our settings page.

Bugs:

• Ninja Forms should now properly honor user profile language settings if they are not the site default.
• Opening the form builder should no longer result in a php warning about an invalid argument.
• Cleaned up our publish code to avoid a few other php warnings.

Changes:

• Updated our event registration template to be more accessibility compliant.

3.4.22.1 (4 February 2020)

Security:

• Hardened the authorization security on several of our form endpoints.
• Audited all translation functions to prevent injection attacks.

3.4.22 (21 November 2019)

Bugs:

• The unique field restriction should no longer block payment actions from completing.
• Corrected an error that was preventing the current list of favorite fields from displaying in any location.
• Updated some of our builder styles to account for updates in WordPress 5.3.
• Corrected an error that sometimes caused the images in the select image field to not be found.
• Disabled an internal error logging function that was sometimes causing bloat in our database tables.

Changes:

• Email actions now support file attachments from the WordPress media library.

3.4.21 (11 November 2019)

Bugs:

• Added a missing label to our honeypot field, in case styling errors somehow make it visible.
• Removed an errant console message from our admin dashboard.
• Resolved an issue that was sometimes resulting in warnings being written to logs on form load.
• Modified our Gutenberg block to prevent it from displaying improperly on Bedrock installations.

Changes:

• The select image field has arrived!
• Added functionality for resetting the public link on a form.
• Forms in the dashboard can now be sorted by shortcode (ID).
• Added merge tags for form title, form id, and username (if authenticated).

3.4.20 (19 September 2019)

Bugs:

• Resolved an issue that was causing public links to fail on duplicated forms.
• The merge tag selector box in the form builder should no longer appear halfway off the page on smaller screen sizes.
• Long field keys should no longer cause the merge tag list to cover up the categories in the merge tag selector box.
• Resolved an issue that was causing some actions to fail after returning from a redirected payment gateway.
• List field options on imported forms should now appear in the correct order in the form builder.

3.4.19 (16 September 2019)

Bugs:

• Resolved an error that rarely caused form import to output as successful, when it had actually failed.
• The unique field restriction should no longer honor “nothing” as a valid value.
• Removed some deprecated dependencies that were throwing notices in the block editor.
• Updated list field item import in the form builder to make it less confusing.

3.4.18 (15 August 2019)

Bugs:

• SendWP registration should no longer cause an error when the SendWP plugin is already installed.
• Resolved an issue that was causing several of our action settings to display improperly in Firefox.
• Corrected a problem that was sometimes causing submission of forms with a PayPal action to fail.

Changes:

• Added currency support for the Chinese Yuan.

3.4.17 (12 August 2019)

Security:

• Removed an outdated template that was localizing a couple server variables.

Bugs:

• Currency masks should no longer prevent text fields from working properly in calculations.
• Cleaned up a few php notices due to older functions.
• Corrected the issue that was preventing required updates from completing. (Required updates remain disabled for the time being.)
• Number fields with a minimum value will now display that value as a placeholder, not a value.
• Switched the first and last name translations in our French translation pack.
• Added a missing attribute that was required by screen readers to the fields on our submission editor page.
• Resolved an error that was causing multi-select lists to not work properly in calculations.
• Submission limits should now be honored for forms that were displayed before the limit was reached.
• Dynamic option values should now work for ALL list types.
• Resolved an issue that was causing forms to display as code in some page builders.

Changes:

• The Advanced tab in the form builder should now communicate that developer mode is disabled, if that is the case.
• Added currency support for the Russian Ruble.

3.4.16 (19 June 2019)

Bugs:

• Temporarily disabled required updates in order to investigate a reported issue with them freezing.

3.4.15 (18 June 2019)

Bugs:

• Resolved an issue that sometimes caused the form dashboard to not display.

3.4.14 (18 June 2019)

Bugs:

• Resolved an issue that sometimes caused required updates to fail due to allowed server memory.
• Public form link should now be more reliable without needing to update site permalinks.
• Corrected a typo in the shortcode output of the Display Your Form settings.
• Dailed back our add-on updater script. It was checking for updates too often.
• Resolved an issue that was sometimes causing form submission to hang on processing, even though it had finished submitting data.
• Corrected a typo in the help text for auto-adding a submit button.
• Dynamic options in lists should now work properly everywhere, not just on form display.
• Fixed a couple of broken links on our Get Help page.
• The public link setting should no longer appear on the dashboard for forms where it is not enabled.

Changes:

• Updated our Details page in the WordPress repo.
• Date fields can no longer be added to calculations.

3.4.13 (17 May 2019)

Bugs:

• Restored the display of some action settings that were being improperly hidden in the form builder. (e.g. Stripe metadata and Update Profile custom meta.)
• Resolved an issue that sometimes caused submission to freeze when a required field was left empty.
• Forms should no longer fail to display when a total field is referenced in a calculation.

3.4.12 (13 May 2019)

Bugs:

• Updated our form load process to better account for reported excessive page load times.
• Resolved an issue that was causing various add-ons to behave strangely when there were multiple forms on a single page.

Changes:

• “Light” opinionated styles are now enabled by default on new Ninja Forms installations.

3.4.11 (7 May 2019)

Bugs:

• Multiple instances of the same form can now be loaded on a page.
• Resolved an issue that sometimes prevented favorite fields from being added to a form.
• Realistic preview of multiselect fields will now render more accurately in the builder.
• Resolved an issue that sometimes caused required updates to miscommunicate completion progress.
• Field keys should once more be accessible in submission filters.
• Querystring merge tags should no longer display their tags when the querystring is not present.
• Builder help texts should no longer contain unrendered HTML elements.

Changes:

• Added currency support for the Malaysian Ringgit.
• Added realistic field support for the save button and password field in the form builder.
• Some settings have been registered as developer options, which will be disabled by default to avoid settings clutter.
• Public links are now available for Ninja Forms! Found next to the publish button, public links provide form access to anyone with the link. Just copy and paste the unique URL and anyone can see and use your …