VYPR

Ultra Addons for Contact Form 7

by Ultra Addons

CVEs (3)

  • CVE-2025-6756Jul 1, 2025
    risk 0.00cvss epss 0.00

    The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's UACF7_CUSTOM_FIELDS shortcode in all versions up to, and including, 3.5.21 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2025-6212Jun 26, 2025
    risk 0.00cvss epss 0.00

    The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Database module in versions 3.5.11 to 3.5.19 due to insufficient input sanitization and output escaping. The unfiltered field names are stored alongside the sanitized…

  • CVE-2025-6220Jun 18, 2025
    risk 0.00cvss epss 0.01

    The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_options' function in all versions up to, and including, 3.5.12. This makes it possible for authenticated attackers, with…