getting same issue today on multiple sites.
Hi, yes, I’m getting the same thing. One message every hour or so around the clock. The sender includes a real email address, so according to the plugin my message (thanks for contacting me I’ll get back to you) is going out to these real e-mail addresses. I can only think that there is either a hidden payload going out to those addresses that I can’t see or that this is some kind of hack. The subject and message from the form field are empty despite my specifying min and max lengths in Contact Form 7. Recaptcha is installed and apparently not working either. This appears to be a vulnerability in the Plugin’s code so I’m disabling until the developer responds.
I put up a capthcha, that seems to help
https://contactform7.com/recaptcha/
Unless mine suddenly stopped working, then it’s not helping me. I had Recaptcha installed from the start. Whatever is doing this is circumventing both the captcha and my subject and message size limits (the subject and message are both empty, “” even though I’ve set minimum and maximum sizes)
Anonymous User 14161236
(@anonymized-14161236)
Same here, on multiple sites.
Trying some honeypot plugin to catch the spammers.
The recaptcha integration stops my Lambda Oxygenna theme to respond for the send button. Literally does nothing, also the captcha doesn’t showing up.
@aszabo86 did the honeypot stop this? I have a feeling it won’t, because whatever is causing this is hacking the contact form 7 code. Switching over to Postman and SMTP did nothing to stop this, so this is not someone exploiting a vulnerability in PHP Mail. Also, since the max and min field length is violated and the form still sends, I don’t see why a honeypot would stop this. Someone is sending mail through Contact Form 7 on our site without using our forms.
