diff --git a/assets/snippets/eform/docs/eform.htm b/assets/snippets/eform/docs/eform.htm
index 8c593d4af7..f6cd0102ff 100755
--- a/assets/snippets/eform/docs/eform.htm
+++ b/assets/snippets/eform/docs/eform.htm
@@ -140,7 +140,7 @@
 		<div class="qe_level_1"><a name="whatsnew"></a>
 <h2>What's New</h2>
 			<div class="qe_level_2">
-			<h3>Version 1.4.4.1 - 1.4.4.7</h3>
+			<h3>Version 1.4.4.1 - 1.4.4.8</h3>
 			<ul>
 				<li>eForm now retains default values for check boxes and radio buttons</li>
 				<li>text input fields now retain default value set in form template</li>
@@ -155,6 +155,7 @@ <h3>Version 1.4.4.1 - 1.4.4.7</h3>
 				<li>Work around for setting required class on check &amp; radio labels</li>
 				<li>bugfix: If eform attibute is set on multiple check boxes only the last value is set in values list</li>
                 <li>Security fix: Additional sanitization applied after stripslashes is used on fields</li>
+                <li>Security fix: Send sendirect, ccsender and autotext mails only to the first mail address of the comma separated list.</li>
 			</ul>
 		<p><br />You can see a more extensive <a href="eform_history.htm">version history here</a>. </p>
 			</div>
diff --git a/assets/snippets/eform/docs/eform_history.htm b/assets/snippets/eform/docs/eform_history.htm
index d9305b0f2e..7071f1f574 100755
--- a/assets/snippets/eform/docs/eform_history.htm
+++ b/assets/snippets/eform/docs/eform_history.htm
@@ -131,7 +131,7 @@
 			</ul>
 		</div>
 		<div class="qe_level_1"><h2>Version History</h2>
-			<h3>Version 1.4.4.1 - 1.4.4.7</h3>
+			<h3>Version 1.4.4.1 - 1.4.4.8</h3>
 			<ul>
 				<li>eForm now retains default values for check boxes and radio buttons</li>
 				<li>text input fields now retain default value set in form template</li>
@@ -146,6 +146,7 @@ <h3>Version 1.4.4.1 - 1.4.4.7</h3>
 				<li>Work around for setting required class on check &amp; radio labels</li>
 				<li>bugfix: If eform attibute is set on multiple check boxes only the last value is set in values list</li>
                 <li>Security fix: Additional sanitization applied after stripslashes is used on fields</li>
+                <li>Security fix: Send sendirect, ccsender and autotext mails only to the first mail address of the comma separated list.</li>
 			</ul>
 					<h3>Version 1.4.4</h3>
 					<ul>
diff --git a/assets/snippets/eform/eform.inc.php b/assets/snippets/eform/eform.inc.php
index ec32d16d15..4090d6b4b0 100644
--- a/assets/snippets/eform/eform.inc.php
+++ b/assets/snippets/eform/eform.inc.php
@@ -1,5 +1,5 @@
 <?php
-# eForm 1.4.4.7 - Electronic Form Snippet
+# eForm 1.4.4.8 - Electronic Form Snippet
 # Original created by: Raymond Irving 15-Dec-2004.
 # Extended by: Jelle Jager (TobyL) September 2006
 # -----------------------------------------------------
@@ -457,8 +457,15 @@ function eForm($modx,$params) {
 				//defaults to html so only test sendasText
 				$isHtml = ($sendAsText==1 || strstr($sendAsText,'report'))?false:true;
 
+				# added in 1.4.4.8 - Send sendirect, ccsender and autotext mails only to the first mail address of the comma separated list.
+				if ($fields['email']) {
+					$firstEmail = array_shift(explode(',', $fields['email']));
+				} else {
+					$firstEmail = '';
+				}
+
 				if(!$noemail) {
-					if($sendirect) $to = $fields['email'];
+					if($sendirect) $to = $firstEmail;
 					$mail = new PHPMailer();
 					$mail->IsMail();
 					$mail->CharSet = $modx->config['modx_charset'];
@@ -476,7 +483,7 @@ function eForm($modx,$params) {
 				}
 
 				# send user a copy of the report
-				if($ccsender && $fields['email']) {
+				if($ccsender && $firstEmail != '') {
 					$mail = new PHPMailer();
 					$mail->IsMail();
 					$mail->CharSet = $modx->config['modx_charset'];
@@ -485,7 +492,7 @@ function eForm($modx,$params) {
 					$mail->FromName	= $fromname;
 					$mail->Subject	= $subject;
 					$mail->Body		= $report;
-					AddAddressToMailer($mail,"to",$fields['email']);
+					AddAddressToMailer($mail,"to",$firstEmail);
 					AttachFilesToMailer($mail,$attachments);
 					if(!$mail->send()) return 'CCSender: ' . $_lang['ef_mail_error'] . $mail->ErrorInfo;
 				}
@@ -493,7 +500,7 @@ function eForm($modx,$params) {
 				# send auto-respond email
 				//defaults to html so only test sendasText
 				$isHtml = ($sendAsText==1 || strstr($sendAsText,'autotext'))?false:true;
-				if ($autotext && $fields['email']!='') {
+				if ($autotext && $firstEmail != '') {
 					$autotext = formMerge($autotext,$fields);
 					$mail = new PHPMailer();
 					$mail->IsMail();
@@ -503,7 +510,7 @@ function eForm($modx,$params) {
 					$mail->FromName	= ($autoSenderName)?$autoSenderName:$fromname;
 					$mail->Subject	= $subject;
 					$mail->Body		= $autotext;
-					AddAddressToMailer($mail,"to",$fields['email']);
+					AddAddressToMailer($mail,"to",$firstEmail);
 					if(!$mail->send()) return 'AutoText: ' . $_lang['ef_mail_error'] . $mail->ErrorInfo;
 				}
 
