Themefic Ultra Addons For Contact Form 7
4 CVEs affecting Themefic Ultra Addons For Contact Form 7. Latest disclosed: 2025-12-12. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-6212 | High | 7.2 | 2025-06-26 | The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Database module in versions 3.5.11 to 3.5.19 due… |
CVE-2025-6220 | High | 7.2 | 2025-06-18 | The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_options' func… |
CVE-2025-6756 | Medium | 6.4 | 2025-07-01 | The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's UACF7_CUSTOM_FIELDS shortcode in all ver… |
CVE-2025-14356 | Medium | 4.3 | 2025-12-12 | The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uacf7_get_gener… |