Changelog
Ninja Forms Releases
3.14.6 (June 10, 2026)
Bug Fixes:
- fix PHP warnings when retriggering emails from submissions page
- fix bulk export returning no results when selecting a single day
3.14.5 (May 19, 2026)
Bug Fixes:
- fix Rich Text Editor content displaying as raw HTML in submissions modal
- fix HTML entity decoding in Rich Text Editor fields
- fix Quill Rich Text Editor inline text alignment not being preserved
- fix unordered list content being stripped in Quill Rich Text Editor
- fix ordered list items getting unwanted markup injected in Quill Rich Text Editor
- limit telemetry to admin only
3.14.4 (May 11, 2026)
Bug Fixes:
- fix repeater field data showing as “Array” in email CSV attachments
- fix mixed content blocking CSV downloads
- fix CSV export with multiple repeater fields
- fix repeater fieldset data misalignment in CSV exports
- fix phone numbers with plus sign getting apostrophe prefix in CSV
- fix decimal precision loss in number fields
- fix form title showing blank for accessibility compliance
- fix Quill Rich Text Editor placeholder initialization
- fix merge tags with spaces in names not being recognized
- fix PHP 8.4 nullable type deprecation warnings
3.14.3 (April 29, 2026)
Bug Fixes:
- fix Quill.js Rich Text Editor table functionality not working properly
- fix HTML being sanitized/stripped when saving Quill.js RTE content
- fix Quill.js CSS conflicts with certain add-ons
- fix ESC key removing HTML content from success messages with calculations
- fix PHP warning for undefined array key “payment_total_type”
- fix radio and checkbox field alignment for RTL languages
Enhancements:
- improve color contrast for form names on dashboard to meet WCAG 2.2 AA standards
- improve color contrast for “Add New” button on dashboard to meet WCAG AA standards
- add ARIA attributes, keyboard navigation, and focus styles to Quill.js RTE
3.14.2 (March 4, 2026)
Bug Fixes:
- fix missing payment data and blank CSV issues in submission exports
- prevent premature deletion of submissions less than 24 hours old
- checkbox merge tags now display custom values instead of 1/0
- fix merge tag population when retriggering emails from Submissions page
- decode HTML entities for Rich Text Editor fields in CSV exports
- fix invalid date display in Dashboard for imported/duplicated forms
- fix calculation merge tags with extra text in hidden fields
Security Enhancements:
- protect block token/refresh endpoint against unauthorized access
- add capability check to render_callback for blocks
3.14.1 (February 2, 2026)
Bug Fixes:
- fix drawer close button not working after merge tag insertion
- fix token visibility issue in submissions table block
- remove tabindex from radio lists for accessibility compliance
Enhancements:
- replace Summernote with Quill.js for Rich Text Editor
- improve star rating field accessibility sizing
Security Enhancements:
- protect against XSS in Success Message action
- block merge tag injection in repeater field processing
- harden blocks code against unauthorized access
3.14.0 (January 26, 2026)
Features:*
Add support for Abilities API
Bug Fixes:
- Prevent loading CDN font per GDPR rules
3.13.4 (January 14, 2026)
Bug Fixes:
- Check visibility to prevent post spoofing
3.13.3 (December 8, 2025)
Bug Fixes:
- Limit submission token generation
3.13.2 (November 25, 2025)
Bug Fixes:
- Prevent unserialization of user submitted values
3.13.1 (November 17, 2025)
Bug Fixes:
- Ensure submission block token valid only for given page
3.13.0 (October 27, 2025)
Features:
- NEW Signature field
Bug Fixes:
- Ensure opt-in popup can be dismissed
- Allow only ExtraDataHandlers into Submission metabox
- Require form id as integer
- Fix an accessibility issue with labels for HTML and Divider fields.
3.12.2.1 (December 15, 2025)
Bug Fixes:
- Limit submission token generation
3.12.2 (October 6, 2025)
Bug Fixes:
- fix undefined $outgoing
- accessibility fix to set autocomplete
- fix checkbox field calculation, was showing 0 when checked
3.12.1 (September 22, 2025)
Bug Fixes:
- Ensure nonce use in download and telemetry
3.12.0 (September 8, 2025)
Features:
- Add hCaptcha field
Bug Fixes:
- Ensure File Upload link in submissions table is clickable
3.11.1.1 (December 15, 2025)
Bug Fixes:
- Limit submission token generation
3.11.1 (August 20, 2025)
Bug Fixes:
- Prevent object wakeup from unserialization
3.11.0 (July 28 2025)
Features:
- Adds Cloudflare Turnstile CAPTCHA as a modern, privacy-friendly alternative to traditional CAPTCHAs.
- Adds configurable theme (light/dark/auto) and size options for Turnstile field.
- Improves accessibility with screen reader support for CAPTCHA challenges.
Bug Fixes:
- Fixes submission expiration failing on forms with 50+ fields processed in chunks.
- Fixes Summernote editor dropdown menus not displaying properly in certain themes.
- Fixes JavaScript errors in merge tags functionality with improved function binding.
- Fixes forced marketing email sending for late-reported opt-ins.
- Prevents Turnstile field from being used within repeatable fieldsets.
Performance:
- Replaces full Summernote library with lightweight Summernote Lite version.
- Removes unnecessary Bootstrap dependencies reducing CSS by 4,616 lines.
- Reduces total codebase by ~12,000 lines for improved page load times.
Other:
- Updates build system to Node.js 20 for better compatibility.
- Improves CSS build process with proper source map generation.
- Adds comprehensive E2E tests for RTE settings and Turnstile integration.
- Updates test folder structure for better organization.
3.10.4.1 (December 15, 2025)
Bug Fixes:
- Limit submission token generation
3.10.4 (July 7 2025)
Bug Fixes:
- Fixes value issue with time_only date field.
- Fixes issue with common value for date/time field in repeatable field sets.
- Fixes incorrect value for single checkbox merge tags.
3.10.3 (June 30 2025)
Bug Fixes:
- Fixes rounding error for number fields.
- Resolves a hang on save in certain circumstances.
- Removes an unused uinstall hook method.
Misc:
- Updates several npm dependencies.
3.10.2.2 (June 24 2025)
Security Fixes:
- Prevent script tag injection into templates via block prefixes. Thanks to Asaf Mozes for responsibly reporting this security issue.
Misc:
- Concatenates the readme changelog to prevent going over the WP.org word limit.
3.10.2.1 (June 19 2025)
Bug Fixes:
- Fixes an issue with HelpText causing a collision on save with Conditional Logic add-on.
- Fixes an issue with HelpText causing a collision on save with Stripe add-on.
- Fixes an incorrect icon.
3.10.2 (June 18 2025)
Bug Fixes:
- Fixes an issue with the help text for repeater fields.
- Fixes an issue with form processing being slow on forms with many fields.
- Fixes an issue with translations on the date picker field.
- Fixes an issue with saving repeater fields on duplicated forms.
- Fixes an issue with date/time field in repeatable fieldsets.
- Fixes an issue with repeatable field help text.
Features:
- Improved drawer styles with a refreshed look.
3.10.1 (April 14, 2025)
Bug Fixes:
- Prevent stored XSS in various fields
3.10.0 (March 26, 2025)
Features
- Add a Google Analytics 4 Action.
Bug Fixes:
- Fix an error related to using calculations in payment gateway actions.
- Fix an error related to File Uploads merge tags.
- Required errors should no longer trigger on removed repeater sets.
3.9.2.1 (December 15, 2025)
Bug Fixes:
- Limit submission token generation
3.9.2 (March 12, 2025)
Bug Fixes:
- List fields can now be used for determining the payment total in payment collection actions.
- Fixed PHP warnings when using PHP 8.
- Fixed an issue with the Password confirm field.
- Ensure that time field IDs are unique.
- Fixed an issue with the opt-in email.
3.9.1 (February 24, 2025)
Features:
- Allows repeatable fieldsets to be editable in the Submissions page.
Bug Fixes:
- Numbers over 10 billion no longer cause validation errors.
Other:
- Add add-on communication status logs to the System Status page.
- Add additional data points for telemetry.
- Build file updates.
3.9.0 (February 10, 2025)
Features:
- New user onboarding
- Add delete forms WP-CLI command
Other:
- JS library updates
3.8.25.1 (December 15, 2025)
Bug Fixes:
- Limit submission token generation
3.8.25 (January 27, 2025)
Bug Fixes:
- ensure form id value is numeric in shortcodes; responsibly reported by Peter Thaleikis via Wordfence
3.8.24 (January 21, 2025)
Bug Fixes:
- Fixed an accessibility issue related to text contrast when using opinionated styles.
- Fixed accessibility errors related to missing field descriptions.
3.8.23 (December 16, 2024)
Bug Fixes:
- Ensure only permitted form previews are available to a given user
3.8.22 (December 10, 2024)
Bug Fixes:
- Update timing for widget loading on page builders
3.8.21 (December 9, 2024)
Bug Fixes:
- Update timing to load translations after init
3.8.20 (November 26, 2024)
Bug Fixes:
- Sanitize calculations input
3.8.19 (November 18, 2024)
Bug Fixes:
- Remove legacy duplicate field cleanup from render loop
- Convert HTML encoded characters on submissions page
- Verify we are on an nf_sub post type before loading terms list
Other:
- Add behavioural telemetry data
- Add diagnost information to system status
- Update end-to-end test
3.8.18 (October 23, 2024)
Bug Fixes:
- Prevent script in Favorite Fields
- Prevent script in calculation name
- Update field HTML for improved accessibility
3.8.17 (October 1, 2024)
Bug Fixes:
- Ensure help text is mobile responsive for single checkbox, single line text, paragraph text
- Prevent non-required blank email field failing validation
- Replace hard-coded strings for translation
3.8.16 (September 17, 2024)
Bug Fixes:
- Ensure sanitation of email address for merge tag
- Prevent maintenance mode interception
3.8.15 (September 10, 2024)
Bug Fixes:
- Ensure “From Address” email warning shows
- Prevent JS error on datepicker inside fieldset repeater
Other:
- Add PHP compatibility tests
- Add usage telemetry data
3.8.14 (September 3, 2024)
Bug Fixes:
- Ensure submissions page form filter finds form titles
- Provide PHP 7.4 support for jsonSerialize method call
- Ensure hCaptcha field functions when safe-listed
Other:
- JS library updates
3.8.13 (August 26, 2024)
Bug Fixes:
- Prevent mouse scroll wheel from updating currency masked fields - Issues
- Resolved an error where required field validation was not always firing properly on masked fields
- Correct list value tooltip styling error for Safari and Firefox
- A repeatable fieldset that has triggered a required error maintains the error when the repeatable fieldset is deleted
- First Repeated Fieldset’s data is not captured when deleting one of the sets
- Ensure form displays in WP Bakery without needing to refresh page
Other:
- Correct deprecation warnings in SCSS files
- Library updates: The updates affect the structure of the components - mounting and data flow - and the blocks and styling
- Set security resolution for Axios as a dependency of our dependencies
- Reorganize cypress tests
- Add unit tests
- Add initial usage data to telemetry
- High impact accessibility factor corrections
3.8.12 (August 13, 2024)
Bug Fixes:
- Validate label settings on change event
3.8.11 (August 7, 2024)
Bug Fixes:
- Prevent unused key values on Survey Promo link
3.8.10 (August 5, 2024)
Bug Fixes:
- Submissions Table block not displayed on published page on some themes
- Phone field not disabled when expected
- calc value option of list fields not set with help text
- Submission page tooltip icon not displayed on environment not using conventional plugins folder path
Other:
- @wordpress dependencies updates
3.8.9 (July 29, 2024)
Bug Fixes:
- Submissions Block not showing all submissions data.
- Fix deleted repeater field missing required data halting submission
- Add “Administration” section for all fields
- Add missing check_admin_referrer parameter
- Sort by Shortcode on forms page as numerical
- Accessibility: update field description and screen readers
- Enable hidden fields in the unique field
- Fix display Form iFrame in Elementor editor
Other:
- Refactor telemetry dispatch to add unit tests
3.8.8 (July 22, 2024)
Bug Fixes:
- Ensure submissions page and Append Ninja Form block are visible on WP 6.6
Other:
- Update readme ‘tested up to’ and ‘requires at least’
3.8.7 (July 15, 2024)
Bug Fixes:
- prevent licensing CSRF
3.8.6 (July 8, 2024)
Bug Fixes:
- prevent deprecated false to array notice in preview
- prevent undefined array key ‘plugin’ warning in class extension updater
- prevent invalid date error when setting default date format to “j F Y” on non-English languages
Other:
- automated test for version number
- update wordpress library packages
- add documentation links to settings in the form builder
3.8.5 (June 13, 2024)
Bug Fixes:
- Protect preview query parameters
3.8.4 (May 28, 2024)
Bug Fixes:
- Ensure first name field populates only first, not full, name
- Enable personally identifiable setting outside of dev mode
- Add merge tags ‘other’ for random, year, month, day
Other:
- Set version resolutions for certain packages
- Improve discoverability of available actions
- Update marketing feed
3.8.3 (May 1, 2024)
Bug Fixes:
- Ensure fieldset repeaters function on index values ending in 0 (10, 20, etc)
Other:
- Update tests to run on 6.5.2
3.8.2 (March 29, 2024)
Bug Fixes:
- Allow default span tags in form labels
3.8.1 (March 27, 2024)
Bug Fixes:
- Ensure submission exports can’t be called from any unintended pages
- Prevent injected scripts into submit button and advanced labels
- Prevent XSS on image lists
Other:
- Update add-on images
3.8.0 (February 20, 2024)
Features:
- Add ‘referer URL’ merge tag
Bug Fixes:
- Prevent display error when date format is not set
- Ensure current date stored when default is not modified
- Ensure translation of date strings
Other:
- Add user help text and images
- Add automated tests