Themefic Ultra Addons For Contact Form 7

4 CVEs affecting Themefic Ultra Addons For Contact Form 7. Latest disclosed: 2025-12-12. Critical: 0, High: 2.

Top CVEs affecting Themefic Ultra Addons For Contact Form 7
CVESeverityScorePublishedSummary
CVE-2025-6212High7.22025-06-26The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Database module in versions 3.5.11 to 3.5.19 due…
CVE-2025-6220High7.22025-06-18The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_options' func…
CVE-2025-6756Medium6.42025-07-01The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's UACF7_CUSTOM_FIELDS shortcode in all ver…
CVE-2025-14356Medium4.32025-12-12The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uacf7_get_gener…