Description
Forms that grow with your business
As one of WordPress’ oldest form builders, we’re proud to serve users from around the world, from all walks of life, and from different stages of online growth. From the small businesses and local nonprofits that make up the core Ninja Forms user base to universities, hospitals, and even Fortune 500 companies, we’ll scale with you from startup to wherever you’re aiming for.
We’re committed to offering as many free, open source tools as we can get away with to back you up in the extremely price-conscious early days. As you grow, pick and choose only the premium features you need as you need them. We’ll grow with you from there for as far as you want to take us.
We’re also committed to respecting your privacy and time. No unsolicited emails or aggressive marketing. No paywalling basic features or scraping private data. We offer a fully staffed team of support experts and a comprehensive library of plugin documentation for all users, free and paid, to help keep you collecting the submissions that move your business forward.
We look forward to seeing where you’ll take us!
All the basics without the paywalls
When you’re starting out, even little expenses add up quickly. That’s why Ninja Forms core will always be free and open source. It’s why we try to offer as much in core as we can to cover your basic needs at no cost. Here’s a peek at some of what core has to offer.
Form Building Features
– 24+ FREE drag-and-drop form fields
– Customize fields with default values, specialty text, and much more
– Favorite and reuse any customized field
– Calculations: assign values to fields and calculate totals
– Merge tag system for pre-populating fields and passing field data between forms
– Configurable per-field submission storage for easy GDPR compliance
– Email notifications on submission (as many as you like, free!)
– Customizable success messages (supports links and downloads!)
– Redirect to new page after submission
– Customize callbacks to WP action hooks on submit
– Spam Protection: full integration with Google reCAPTCHA & Akismet
– Configurable form display settings
– Form restriction settings
– Unique field validation
– Unlimited forms & submissions
– Form Templates
– Form Import / Export
– Shareable forms (share the form via link without it being attached to a page)
– No aggressive marketing, pushy review asks, constant popups, or unsolicited emails
– Responsive and mobile friendly
– SEO friendly
Submission Management Features
– Unlimited FREE submissions
– Configurable submissions display
– Search and filter by field
– Search and filter by submitted value
– Search and filter by submission date
– Edit submitted values
– Refire any email notification from any submission
– Export to CSV
– Bulk submissions export
– Automated WordPress GDPR integration for export & delete data requests
– Mark fields as PII and selectively not store specific data
– All submissions stored locally on YOUR server only unless you specify otherwise
– We never see or collect your field or submission data
Dozens of buildable form types
– Contact form
– Email form
– Calculation form
– Lead form
– Quiz form
– Mortgage or Payment Calculator forms
– Quote and Cost Calculator forms
– Health and Fitness Calculator forms
– Polling form
– Survey form
– Lead Magnet Download form
– Event Registration form
– Sales form
– Appointment form
– Booking form
– Entry form
– Order form
– Lesson Plan form
– Job Application form
– RSVP form
– Request form
– Feedback form
– Support form
– GDPR Export or Delete Data Request forms
…and many more!
You get more than just a plugin
– Fully documented
– Regular updates
– FREE technical support
– Privacy and security minded
– Accessibility focused
– Translated into 24+ languages by the WordPress Polyglots team
– Long term partners of WPML for even more translations!
– Ecosystem aware: we know it’s not just you and Ninja Forms. We do our best to communicate and play nice with others.
Pick and choose just what you need as you need it
As you start to grow, so does what you need out of your forms. But there’s no need to dive into the deep end right away and spend more than is practical. All premium features are contained in add-ons to the core form builder and can be purchased independently. When you find yourself wanting just one or two things, you can grab just what you need without paying for extras.
When you’re ready for more, our membership plans bundle popular features together in budget friendly packages.
Select from 40+ add-ons across multiple categories:
Advanced Form Features
– Advanced Datepicker
– Conditional Logic
– File Uploads
– Layout & Styles
– Multi Step Forms
– Save Progress
– User Analytics
– User Management
Submissions Extended
– Excel Export
– Front End Posting
– PDF Form Submissions
– Scheduled Submissions Export
Accept Payments
– Authorize.net
– Elavon
– PayPal official partner
– Recurly
– Stripe
Email Marketing
– Active Campaign
– AWeber
– Campaign Monitor
– CleverReach
– Constant Contact
– ConvertKit
– EmailOctopus
– Emma
– Mailchimp
– MailPoet
CRMs
– Capsule
– CiviCRM
– HubSpot *official partners
– Insightly
– OnePageCRM
– PipelineDeals
– Salesforce
– Zoho CRM
Notifications & Workflow
– ClickSend SMS
– Help Scout
– Slack
– Trello
– Twilio SMS
Automation
– Webhooks
– Zapier official partners
The sky’s the limit on what you can build with add-on features, but here are some of the most popular forms we see in the wild:
- Payment forms
- Donation forms
- Signup forms
- User Registration form
- Newsletter forms
- CRM forms
- User Registration form
- Login forms
- Upload forms
- Google Sheets forms
- Post Creation forms
Notes
We’ve been standing by our product and our users for over a decade, working to make your experience the best it can be. We’re one of the only form builders around that offers support for all users, whether you’ve made a purchase or not.
If you have any questions or suggestions, we’re always happy to hear from you. We have a dedicated support team with team members that span four continents standing by to help with technical questions every Monday to Friday. General feedback is always welcome too. It’s a big part of how we figure out what to do next, so chime in any time!
You’ll always have a direct line to us right here!
Additional Branding and Trademark Information
Ninja Forms® is a registered trademark of Saturday Drive INC. We are a WordPress forms or WP forms builder, not to be confused with the independent WPForms brand for WordPress. All official Ninja Forms add-ons and memberships can be found on our official website, ninjaforms.com.
Screenshots
Installation
This section describes how to install the plugin and get it working.
1. Upload the ninja-forms
plugin folder to your /wp-content/plugins/
directory
2. Activate the plugin through the ‘Plugins’ menu in WordPress
3. Visit the ‘Ninja Forms’ menu item in your admin sidebar
FAQ
-
Do I have to pay to see my form submissions?
-
No, Ninja Forms does not paywall submissions. You can view, edit, export, and more from Ninja Forms > Submissions with the core, free plugin. No purchase necessary.
-
What free form fields are included in the form builder?
-
- Date/Time
- Single Checkbox
- Checkbox List
- Radio List
- Select List
- Multi-Select List
- Select Image List
- Single Line Text
- Paragraph Text
- Submit
- First Name
- Last Name
- Email Address
- Phone Number
- Address
- City
- US States
- Country
- Zip Code
- HTML
- Divider
- Repeatable Fieldset
- Confirm
- Hidden
- Number
- reCAPTCHA
- Anti Spam
- Star Rating
-
Is Ninja Forms GDPR compliant?
-
Yes. All user submitted data is stored locally on your server only, unless you expressly configure the plugin to send it elsewhere, for example via an email action. We never see or collect any user submitted data, nor do we act as Data Controllers or Data Processors per GDPR Article 4 for any data submitted by users of the forms you create. Your forms can be configured to flag and/or not record Personally Identifiable Information (PII) on a per form basis. If you do collect PII using Ninja Forms, you can automate export or delete data requests.
-
Is Ninja Forms HIPAA compliant?
-
Ninja Forms can be and is used on sites that require HIPAA compliance, but overall compliance depends on factors outside of the control of any WordPress form builder.
-
Can I send email with Ninja Forms?
-
Yes! Any number of emails can be sent to any number of recipients anytime a contact form is submitted. Every email triggered by a contact form submission can be customized in the form builder, including the presentation of the form submission data. Attachments are supported (and can include file uploads from the form). These form emails can also be sent conditionally based on specific triggers, and can be set up to include a PDF copy of the form.
-
What types of forms can I build with Ninja Forms?
-
- Contact form
- Email form
- Calculation form
- Lead form
- Quiz form
- Mortgage or Payment Calculator forms
- Quote and Cost Calculator forms
- Health and Fitness Calculator forms
- Polling form
- Survey form
- Lead Magnet Download form
- Event Registration form
- Sales form
- Appointment form
- Booking form
- Entry form
- Order form
- Lesson Plan form
- Job Application form
- RSVP form
- Request form
- Feedback form
- Support form
- Export or Delete Data Request forms
- Payment forms
- Donation forms
- Signup form
- User Registration form
- Newsletter forms
- CRM forms
- Conditional lead form
- Scorable lead form
- User Registration form
- Paid registration form
- Login forms
- Upload forms
- Google Sheets forms
- Post Creation forms
…and many more!
-
Can I connect Ninja Forms to my CRM or Email Marketing service?
-
Almost certainly. The contact form builder integrates directly with over a dozen email marketing and CRM services including MailChimp, Constant Contact, ActiveCampaign, HubSpot, Salesforce, Insightly, Zoho, and many more.
Ninja Forms also integrates with 1,000+ other popular services through our Zapier integration.
-
Can I import / export forms and fields with Ninja Forms?
-
Yes, both forms and custom fields (any field you customize and designate as a favorite field) can be exported and imported between sites.
Reviews
Contributors & Developers
“Ninja Forms – The Contact Form Builder That Grows With You” is open source software. The following people have contributed to this plugin.
Contributors“Ninja Forms – The Contact Form Builder That Grows With You” has been translated into 26 locales. Thank you to the translators for their contributions.
Translate “Ninja Forms – The Contact Form Builder That Grows With You” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
3.8.17 (01 October 2024)
Bug Fixes:
– Ensure help text is mobile responsive for single checkbox, single line text, paragraph text
– Prevent non-required blank email field failing validation
– Replace hard-coded strings for translation
3.8.16 (17 September 2024)
Bug Fixes:
– Ensure sanitation of email address for merge tag
– Prevent maintenance mode interception
3.8.15 (10 September 2024)
Bug Fixes:
– Ensure “From Address” email warning shows
– Prevent JS error on datepicker inside fieldset repeater
Other:
– Add PHP compatibility tests
– Add usage telemetry data
3.8.14 (03 September 2024)
Bug Fixes:
– Ensure submissions page form filter finds form titles
– Provide PHP 7.4 support for jsonSerialize method call
– Ensure hCaptcha field functions when safe-listed
Other:
– JS library updates
3.8.13 (26 August 2024)
Bug Fixes:
– Prevent mouse scroll wheel from updating currency masked fields – Issues
– Resolved an error where required field validation was not always firing properly on masked fields
– Correct list value tooltip styling error for Safari and Firefox
– A repeatable fieldset that has triggered a required error maintains the error when the repeatable fieldset is deleted
– First Repeated Fieldset’s data is not captured when deleting one of the sets
– Ensure form displays in WP Bakery without needing to refresh page
Other:
– Correct deprecation warnings in SCSS files
– Library updates: The updates affect the structure of the components – mounting and data flow – and the blocks and styling
– Set security resolution for Axios as a dependency of our dependencies
– Reorganize cypress tests
– Add unit tests
– Add initial usage data to telemetry
– High impact accessibility factor corrections
3.8.12 (13 August 2024)
Bug Fixes:
– Validate label settings on change event
3.8.11 (07 August 2024)
Bug Fixes:
– Prevent unused key values on Survey Promo link
3.8.10 (05 August 2024)
Bug Fixes:
– Submissions Table block not displayed on published page on some themes
– Phone field not disabled when expected
– calc value option of list fields not set with help text
– Submission page tooltip icon not displayed on environment not using conventional plugins folder path
Other:
– @wordpress dependencies updates
3.8.9 (29 July 2024)
Bug Fixes:
– Submissions Block not showing all submissions data.
– Fix deleted repeater field missing required data halting submission
– Add “Administration” section for all fields
– Add missing check_admin_referrer parameter
– Sort by Shortcode on forms page as numerical
– Accessibility: update field description and screen readers
– Enable hidden fields in the unique field
– Fix display Form iFrame in Elementor editor
Other:
– Refactor telemetry dispatch to add unit tests
3.8.8 (22 July 2024)
Bug Fixes:
– Ensure submissions page and Append Ninja Form block are visible on WP 6.6
Other:
– Update readme ‘tested up to’ and ‘requires at least’
3.8.7 (15 July 2024)
Bug Fixes:
– prevent licensing CSRF
3.8.6 (8 July 2024)
Bug Fixes:
– prevent deprecated false to array notice in preview
– prevent undefined array key ‘plugin’ warning in class extension updater
– prevent invalid date error when setting default date format to “j F Y” on non-English languages
Other:
– automated test for version number
– update wordpress library packages
– add documentation links to settings in the form builder
3.8.5 (13 June 2024)
Bug Fixes:
– Protect preview query parameters
3.8.4 (28 May 2024)
Bug Fixes:
– Ensure first name field populates only first, not full, name
– Enable personally identifiable setting outside of dev mode
– Add merge tags ‘other’ for random, year, month, day
Other:
– Set version resolutions for certain packages
– Improve discoverability of available actions
– Update marketing feed
3.8.3 (1 May 2024)
Bug Fixes:
– Ensure fieldset repeaters function on index values ending in 0 (10, 20, etc)
Other:
– Update tests to run on 6.5.2
3.8.2 (29 March 2024)
Bug Fixes:
– Allow default span tags in form labels
3.8.1 (27 March 2024)
Bug Fixes:
– Ensure submission exports can’t be called from any unintended pages
– Prevent injected scripts into submit button and advanced labels
– Prevent XSS on image lists
Other:
– Update add-on images
3.8.0 (20 February 2024)
Features:
– Add ‘referer URL’ merge tag
Bug Fixes:
– Prevent display error when date format is not set
– Ensure current date stored when default is not modified
– Ensure translation of date strings
Other:
– Add user help text and images
– Add automated tests
3.7.3 (12 February 2024)
Bug Fixes:
– Update code for PHP 8.3
Other:
– Add in-app documentation text and links
– Add scroll bar for long vertical content
3.7.2 (29 January 2024)
Bug Fixes:
– Prevent form display on password protected page
– Sanitize email address on data export request; responsibly reported by stealthcopter via Wordfence
3.7.1 (23 January 2024)
Bug Fixes:
– Prevent deprecated warning from license updater
– Ensure date picker calendar view honors date range year limits
– Improved management of submission expiration request
– Prevent autocomplete on fields set to disable autocomplete
– Prevent error when fetching add-on list
Other:
– Add second “Add New Field” control for enhanced user experience
– Update JS libraries
– Update WP scripts and block utilities
– Update UTM links
3.7.0 (07 November 2023)
- Features:*
- Ability to preserve ‘extra’ data after redirect
Bug Fixes:
– Ensure extra data on CSV export is in correct chronological order
Other:
– Updated end to end test
3.6.34 (11 October 2023)
Bug Fixes:
– Prevent script triggers in field labels
– Ensure needed export data present before action
Other:
– Update to country list
– Close notice from bulk export results
3.6.33 (3 October 2023)
Bug Fixes:
– Error re-triggering email action when PDF is active
– Display anonymized repeater field data in submissions
– Error on missing class name
– Remove Max-width CSS being applied to form content
– misspelled text fixes
Other
– Dependencies bumps= 3.6.32 (21 September 2023) =
Bug Fixes:
– rePrints data on the template for the frontend in order to prevent conflicts with other plugins
– checks if the description of fields in the builder is set before running trim
3.6.31 (19 September 2023)
Bug Fixes:
– Fixes form not displaying and form stuck on processing from jQuery trim() failure on non-string
Other:
– Remove old promotions banner
3.6.30 (14 September 2023)
Bug Fixes:
– Form should now submit properly if submit button label and processing label match.
– Ensure forms display on themes using wp_localize_script
Other:
– Remove support for NF 2.9
– JS dependency updates: update to React 18, WordPress block editor/scripts/server side render/i18n, babel-jest, core-js
3.6.29 (16 August 2023)
Bug fixes:
* Fix submission retrieval error missing submissions within time stamp on date
* Ensure 7.4-required functionality doesn’t trigger warnings
Other:
* Update library for autonumeric, WP scripts
* Update tested up to, now 6.3 was 6.2.2
3.6.28 (06 July 2023)
Bug fixes:
* Correct issue that prevented form deletion
3.6.27 (04 July 2023)
Bug fixes:
* Use static call for class name for PHP 7 support
3.6.26 (04 July 2023)
Other:
* Ensure minimum required version on packages
Security Enhancements:
* Prevent unauthorized download of submission
* Prevent scripts in dashboard field labels; responsibly reported by Sayandeep Dutta
* Prevent front-facing label scripts; responsibly reported by Jonathon Zamora & www.ads-software.com
* Prevent excess extra data through automated form submission
* Prevent override access where not permitted
3.6.25 (14 June 2023)
Bug Fixes:
– Remove duplicate radio bubble on opionated styles mobile
– Restrict delete file route to uploads directory
Other:
– Bump @wordpress/jest-preset-default from 10.9.0 to 11.4.0 #6579
– Bump core-js from 3.30.1 to 3.30.2 #6578
– Bump axe-core from 4.7.0 to 4.7.1 #6577
– Bump @wordpress/components from 23.9.0 to 24.0.0 #6576
– Bump @babel/core from 7.21.5 to 7.21.8 #6575
– Prototype Pollution in lodash
– Regular Expression Denial of Service in trim
– glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex
– Uncontrolled Resource Consumption in trim-newlines
– Inefficient Regular Expression Complexity in nth-check
3.6.24 (12 May 2023)
Bug Fixes:
– Prevent bypass of required field with modified data
– Prevent datepicker to break the view when set with 0 minutes increment
– Prevent Submit button to double submit a form
3.6.23 (26 April 2023)
Bug Fixes:
– Ensure HTML fields load merge data
– Add fieldset repeater uploads to CSV and emails
3.6.22 (20 April 2023)
Bug Fixes:
– Prevent possible XSS vulnerability
3.6.21 (12 April 2023)
Bug Fixes:
– Ensure cron_interval value is integer
– Ensure option definition value has fallback value
– Ensure cache update process doesn’t break on errant stored data
– Replace deprecated use of self in callable
– Use form Id to filter field searches for faster response
3.6.20 (14 March 2023)
Bug Fixes:
– Error management in Repeater fieldsets (fields inside repeater fieldsets now respond to frontend validation)
– Display repeater field data in HTML field via merge tags
– Include Repeater data in CSVs when the repeater wasn’t repeated
– Display repeater data in retrigger email actions (and its CSV)
– Display Correct repeater child fields labels in emails
– Display repeater description on form
– Ensure correct rendering of date field in repeaters
– CSVs now display repeaters data as one row for each fieldset
Fixes for extensions:
– Save progress display repeater field without errors
– Multi-part compatibility display repeater field, with merge tags and data saved correctly
3.6.19 (22 February 2023)
Bug Fixes:
– Migrate/update jBox library
– Ensure language filter results are passed to downstream filters
– Prevent non-string math error
Other:
– Add version checks for extensions
3.6.18 (16 February 2023)
Bug Fixes:
– Prevent deprecated warning null preg_match_all
– Ensure empty form does not throw error on preview
– Ensure array for currency doesn’t throw fatal error
– Declare previously undeclared properties (PHP 8)
– Prevent undefined array key error
– Ensure missing key in recaptcha field doesn’t fail
3.6.17 (8 February 2023)
Bug Fixes:
– Ensure HTML injected in label is sanitized
– Correct typo in date format for option DD/MM/YYYY
– Ensure GMT offset setting does not prevent submissions page display
– Prevent deprecated notice on empty merge tag “other”
– Prevent deprecated notice for jsonSerialize
– Prevent deprecated notice for passing null value
3.6.16 (18 January 2023)
Bug Fixes:
* Import buffer class to re-enable download as PDF
Other Enhancements:
* Add code coverage reporting
3.6.15 (10 January 2023)
Bug Fixes:
* Resolves add-on manager fatal error
* Prevents image in HTML loading error for WP 6.1
* Correct multiple accessibility warnings
* Enables empty step in number field
* Enables default zero value
Other Enhancements:
* Update ‘tested to’
* Set resolutions to prevent vulnerable child dependencies
3.6.14 (2 September 2022)
Bug Fixes:
* Fixes an issue with trailing commas
* Fixes an issue for some users on PHP7.4 and below.
Other Enhancements:
* Update ‘tested to’
3.6.13 (30 August 2022)
Bug Fixes:
* Prevent object wakeup in unserialize
* Correct errant variable name is submissions check
Other Enhancements:
* Smart suggestions for extensions
* Update ‘tested to’
3.6.12 (22 June 2022)
Bug Fixes:
* Fixed naming collision with reCaptcha cookie check
* HTML re-enabled in field labels for users with correct capabilities
* Removed orphaned repeater field setting from advanced settings
* Fixed form imports for non-UTF-8 encoded files
3.6.11 (14 June 2022)
Security Enhancements
* Apply more strict sanitization to merge tag values
3.6.10 (07 June 2022)
Bug Fixes:
* Retrigger emails from Submissions page if form only has 1 Email Action
* Invalid Date message triggered by Date Picker Field
* Typo in Delete Form popup
* Importing a form sets the Step value of any Number field to 1, regardless of the Export value
* Front End Checkbox/Radio lists are not keyboard accessible
* Form Preview Page does not work in themes that enable full site editor
* Public link not working in some themes
* Checkbox Fields with a checked calc value of 0 evaluate to 1 in JS
* Activating Layouts & Styles removes merge tags from email actions until the form is republished
* Trigger error when cookies for reCaptcha v3 were not allowed ( Implemented with hooks )
* Submissions page select dates filter restored
Security Enhancements
* Improve escaping on field template labels and values reported responsibly by Ryan at WP Scan
* Improve sanitization of label values
* Improve authorization check for field imports
3.6.9 (24 March 2022)
Bug Fixes:
Restore “Download All Submissions” functionality
= 3.6.8 (14 March 2022)
Bug Fixes:
Correct Repeatable Fieldset CSV output, was Array Array Array
Add “Trash” view to React submissions page
Fix broken submission view when Date field added to converted CF form
Security Enhancements
Remove CSV temp files stored in publicly accessible location, reported responsibly by Agence Web Coheractio – Paris at https://www.coheractio.com
= 3.6.7 (30 November 2021)
Bug Fixes:
- Fix Danish/Finnish language halts submissions page display
- Exclude confirm field from submission data
- Scroll list fields to prevent extremely tall rows
- Correctly display checkbox value in submission table
- Fix PHP warning on column control
- Remove note, html, submit, confirm fields from CSV export
- Use set date format on CSV export
- Prevent XSS in form title
= 3.6.6 (15 November 2021)
Bug Fixes:
- Rename ‘store submission’ to record submission’
- Enable extra data column headers in CSV export
- Use admin labels in tables and export
= 3.6.5 (04 November 2021)
Bug Fixes:
- Ensure submission column selections are remembered for next viewing
- Ensure date time is properly displayed in submission popup editor
- Display calculations metabox in submissions
- Add temporary submissions page rollback option
- Fix failing search results on submissions page
- Ensure checkbox displays correct value, not always ‘checked’
= 3.6.4 (25 October 2021)
Bugs:
- Prevent data timeout error by reducing size of initial submission request
- Prevent SQL injection from field key
- Prevent overwriting of ConvertKit action name during import
- Ensure forms that don’t have email actions appear in submission page list
= 3.6.3 (18 October 2021)
Bugs:
- Update submission link on form dashboard
- Check for CF database before adding CF data source
= 3.6.2 (12 October 2021)
Bugs:
- Ensure submissions appear when timezone setting puts submission ahead of current timestamp
= 3.6.1 (11 October 2021)
Bugs:
- Move sequence id from submission editing to metadata
- Use correct popup for autogenerate Add New modals
Changes:
- Ignore build files from commit
= 3.6.0 (04 October 2021)
Changes:
- Enable display of Caldera Forms submissions in Ninja Forms submission table
Bugs:
- Prevent
button
field from being used through search function
3.5.8.4 (14 June 2022)
Security Enhancements
* Apply more strict sanitization to merge tag values
= 3.5.8.3 (22 September 2021)
Bugs:
- Ensure sanitized values enables spaces between classNames
= 3.5.8.2 (21 September 2021)
Bugs:
- Ensure cached value of form is stored with sanitized value
= 3.5.8.1 (15 September 2021)
Bugs:
- Resolved security vulnerability of admin+ stored XSS on form design
= 3.5.8 (07 September 2021)
Bugs:
- Resolved security vulnerability in the submissions route. Responsibly reported by Chloe Chamberland at Wordfence.
- Resolved an issue that rarely caused submission to fail on forms containing a multiselect field.
Changes:
- Updated several of our build dependency packages.
- Automated build and deploy to SVN.
3.5.7 (5 July 2021)
Bugs:
- Resolved an error that was causing the plugin to crash on sites using a PHP version below 7.0.
3.5.6 (29 June 2021)
Bugs:
- Bulk resend email should now properly populate the email subject line instead of using a default value.
- Repeatable fieldset data should now display properly in the submission block.
- Corrected an issue that was preventing forms from displaying when repeatable fieldsets contained a date field, a rich text enabled paragraph field, or a field with a custom mask.
- When set, the submission limit should now be properly enforced on submissions made via forms loaded before the limit was reached.
- Move to trash should once more be available in the bulk actions on the submissions page.
3.5.5 (07 June 2021)
Changes:
- Added support for Google Recaptcha V3.
- Added a new option to resend email actions from the submissions table.
- Added the ability to export multiple form submission CSVs at once.
- Escape query args for enhanced security – Responsibly reported by Erwan at WP Scan
Bugs:
- Fixed a bug that caused an extra : to be shown in the date field on older forms.
- Fixed a bug with field settings that caused some settings to not show when they should have.
- Multiple Recaptchas on the same page should work properly.
3.5.4 (21 April 2021)
Changes:
- The Date Field is now the Date/Time Field. This field now allows for Date, Time, and Date & Time selection.
Bugs:
- Fixed a bug that caused ReCaptcha fields to fail if more than one appeared on the page.
- Fixed a conflict with iThemes that was causing a fatal error.
3.5.3 (1 April 2021)
Changes:
- Final deprecation phase of Ninja Forms 2.9x codebase.
3.5.2 (24 March 2021)
Changes:
- Removed some legacy settings that were no longer required for new installs.
Bugs:
- Resolved an issue that was causing errors when Array values were used in API requests.
- The Ninja Forms block should now fill the entire width of the block editor.
- Fixed an error that was causing a depreciated method warning when using the classic editor.
- Forms should now display again in Internet Explorer 11.
- Resolved an issue that was causing the Ninja Forms dashboard to crash if there was an issue with wp_cron.
- Fixed some PHP warnings related to our checkbox list field.
3.5.1 (17 February 2021)
Bugs:
- Resolved an issue that was always causing required checkbox list fields to throw a required error on submission.
- The Ninja Forms block should now properly display the form in the page editor if WordPress has been installed in a subdirectory.
- Cleaned up a few notices and warnings that were displaying on sites running PHP 8.
3.5.0 (15 February 2021)
Changes:
- Repeatable Fieldsets have arrived! For a quick look at how to get those setup, check out our new documenation for them.
Bugs:
- Our block editor code should now only load on pages where it is actually needed, leading to less page load time in the admin dashboard.
3.4.34.2 (14 June 2022)
Security Enhancements
* Apply more strict sanitization to merge tag values
3.4.34.1 (8 February 2021)
Security:
- Added a missing permissions check in our services connection manager reported responsibly by Chloe Chamberland at Wordfence.
- Patched a potential XSS vulnerability in our querystring merge tag.
- Added a missing filter that should have been excluding some personal information fields from the CSV attachment on Email Actions.
3.4.34 (25 January 2021)
Bugs:
- Forms should once again load properly in Internet Explorer 11.
- Single checkbox fields should now properly display their values in the submission table.
- Updated our dashboard styling to resolve an issue where some translations were resulting in action buttons being obscured.
- Restored drag and drop functionality for adding fields in the form builder.
Security:
- Patched a couple of vulnerabilities in our services oAuth controller reported responsibly by Chloe Chamberland at Wordfence.
3.4.33 (9 December 2020)
Bugs:
- Cleaned up a few conflicts with WordPress version 5.6.
- Toggle switches in the form builder should now be working as expected.
- Pre-selected options for lists should now persist properly in the form builder.
- Element styling of some buttons should properly reflect the active or inactive status of the button.
3.4.32 (16 November 2020)
Bugs:
- Patched an issue with our new date field library that was causing it to display improperly on some mobile devices.
3.4.31 (12 November 2020)
Changes:
- Our date field library has been updated! For you developer types out there, we’ve switched from pikaday to flatpickr.
- Updated some of our form builder scripts in preparation for WordPress 5.6.
Bugs:
- Fixed a visual issue that sometimes allowed the Ninja Forms Dashboard view to extend beyond the width of the browser window.
- Resolved an error that sometimes caused an error message to appear when loading the Dashboard for the first time on a new installation.
- Resolved an error in our termslist field that caused the form builder to crash if you opened a form that was previously mapped to a term that had been deleted.
- Resolved an error that was sometimes causing PDF exports or emails with PDF attachments to fail.
3.4.30 (22 September 2020)
Bugs:
- Resolved an issue that was causing a fatal error on sites running PHP 5.6 or older.
3.4.29 (18 September 2020)
Bugs:
- Added missing dependency for our blocks.
3.4.28 (18 September 2020)
Changes:
- The Views Table Block has arrived!
- Updated the Ninja Forms Block to be more in-line with current Gutenberg conventions.
- Improved the efficiency of submission limit checks.
- The SendWP service can now be linked to the Ninja Forms dashboard.
- Apps & Integrations are now grouped by category for easier sorting.
- Updated color contrast of the form builder to be WCAG compliant.
- Custom Action now requires developer mode to be enabled.
- Updated the File Upload form template.
Bugs:
- Corrected improperly named filter for save action settings.
- Cleaned up some improperly escaped code on our get help page.
- Updated graphics associated with our add-ons to make them display properly.
- Corrected an issue that was causing the password field on our settings page to not properly save values.
- Increased the priority of our form builder class to ensure it properly loads over other elements on the page.
- Field duplication no longer improperly updates the target of calculations.
- Corrected the order of our submenu items.
Security:
- Added escaping for HTML content of fields in the submissions table.
3.4.27.1 (17 September 2020)
Security:
- Patched a CSRF vulnerability in our services integration reported responsibly by Slavco Mihajloski.
- Patched a validation bypass vulnerability in our email field.
3.4.27 (9 September 2020)
Bugs:
- Resolved an issue that sometimes caused the merge tag menu to not open properly in the form builder.
3.4.26 (25 August 2020)
Bugs:
- Sites with WP_DEBUG enabled should no longer display a deprecated parent error on PHP version 7.4.
- Resolved an issue that was preventing our Screen Options settings from being saved on the submissions page.
3.4.25 (12 August 2020)
Bugs:
- Resolved an issue that caused settings changed with a toggle switch to not be saved on WordPress 5.5.
3.4.24.3 (21 May 2020)
Security:
- Patched an HTML injection vulnerability in our deprecated 2.9x codebase reported responsibly by Dave Job.
Bugs:
- Corrected an error in our required field validation that was allowing targeted spam through the submission process.
3.4.24.2 (28 April 2020)
Security:
- Fixed Cross-Site Request Forgery(CSRF) to stored Cross-Site Scripting(XSS) reported responsibly by Ramuel Gall (Wordfence Threat Intelligence Team).
3.4.24.1 (5 March 2020)
Security:
- Patched an HTML injection vulnerability in our merge tag system. Many thanks to Tom Standley at ContainCo for practicing responsible disclosure.
3.4.24 (2 March 2020)
Bugs:
- User permission filters should now work as expected.
- Select image fields should now work properly when dev mode is disabled.
- Resolved an error that was causing php warnings on some API calls.
- Email settings should now properly read email addresses surrounded by <> characters.
- Resolved an error that was causing deprecated function warnings in php error logs.
- Forms with calculations should now display properly on sites using a “formal” language setting.
- Export should now properly appear as an option in the bulk actions on the submissions page.
- Resolved an error that was preventing the add-on manager from installing plugins.
Changes:
- Add-on updates will now enforce php requirements if the current version on the installation is below the minimum for the add-on.
3.4.23 (12 February 2020)
Security:
- Patched a delayed XSS vulnerability in our email action.
- Hardened the authorization security on our settings page.
- Patched a stored XSS vulnerability on our settings page.
Bugs:
- Ninja Forms should now properly honor user profile language settings if they are not the site default.
- Opening the form builder should no longer result in a php warning about an invalid argument.
- Cleaned up our publish code to avoid a few other php warnings.
Changes:
- Updated our event registration template to be more accessibility compliant.
3.4.22.1 (4 February 2020)
Security:
- Hardened the authorization security on several of our form endpoints.
- Audited all translation functions to prevent injection attacks.
3.4.22 (21 November 2019)
Bugs:
- The unique field restriction should no longer block payment actions from completing.
- Corrected an error that was preventing the current list of favorite fields from displaying in any location.
- Updated some of our builder styles to account for updates in WordPress 5.3.
- Corrected an error that sometimes caused the images in the select image field to not be found.
- Disabled an internal error logging function that was sometimes causing bloat in our database tables.
Changes:
- Email actions now support file attachments from the WordPress media library.
3.4.21 (11 November 2019)
Bugs:
- Added a missing label to our honeypot field, in case styling errors somehow make it visible.
- Removed an errant console message from our admin dashboard.
- Resolved an issue that was sometimes resulting in warnings being written to logs on form load.
- Modified our Gutenberg block to prevent it from displaying improperly on Bedrock installations.
Changes:
- The select image field has arrived!
- Added functionality for resetting the public link on a form.
- Forms in the dashboard can now be sorted by shortcode (ID).
- Added merge tags for form title, form id, and username (if authenticated).
3.4.20 (19 September 2019)
Bugs:
- Resolved an issue that was causing public links to fail on duplicated forms.
- The merge tag selector box in the form builder should no longer appear halfway off the page on smaller screen sizes.
- Long field keys should no longer cause the merge tag list to cover up the categories in the merge tag selector box.
- Resolved an issue that was causing some actions to fail after returning from a redirected payment gateway.
- List field options on imported forms should now appear in the correct order in the form builder.
3.4.19 (16 September 2019)
Bugs:
- Resolved an error that rarely caused form import to output as successful, when it had actually failed.
- The unique field restriction should no longer honor “nothing” as a valid value.
- Removed some deprecated dependencies that were throwing notices in the block editor.
- Updated list field item import in the form builder to make it less confusing.
3.4.18 (15 August 2019)
Bugs:
- SendWP registration should no longer cause an error when the SendWP plugin is already installed.
- Resolved an issue that was causing several of our action settings to display improperly in Firefox.
- Corrected a problem that was sometimes causing submission of forms with a PayPal action to fail.
Changes:
- Added currency support for the Chinese Yuan.
3.4.17 (12 August 2019)
Security:
- Removed an outdated template that was localizing a couple server variables.
Bugs:
- Currency masks should no longer prevent text fields from working properly in calculations.
- Cleaned up a few php notices due to older functions.
- Corrected the issue that was preventing required updates from completing. (Required updates remain disabled for the time being.)
- Number fields with a minimum value will now display that value as a placeholder, not a value.
- Switched the first and last name translations in our French translation pack.
- Added a missing attribute that was required by screen readers to the fields on our submission editor page.
- Resolved an error that was causing multi-select lists to not work properly in calculations.
- Submission limits should now be honored for forms that were displayed before the limit was reached.
- Dynamic option values should now work for ALL list types.
- Resolved an issue that was causing forms to display as code in some page builders.
Changes:
- The Advanced tab in the form builder should now communicate that developer mode is disabled, if that is the case.
- Added currency support for the Russian Ruble.
3.4.16 (19 June 2019)
Bugs:
- Temporarily disabled required updates in order to investigate a reported issue with them freezing.
3.4.15 (18 June 2019)
Bugs:
- Resolved an issue that sometimes caused the form dashboard to not display.
3.4.14 (18 June 2019)
Bugs:
- Resolved an issue that sometimes …