Themefic

Ultimate Addons For Contact Form 7

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2026-24945

  • EPSS 0.04%
  • Veröffentlicht 03.02.2026 14:08:33
  • Zuletzt bearbeitet 03.02.2026 19:16:21

Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from ...

5.4

CVE-2025-6756

  • EPSS 0.03%
  • Veröffentlicht 01.07.2025 09:25:04
  • Zuletzt bearbeitet 16.07.2025 15:27:07

The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's UACF7_CUSTOM_FIELDS shortcode in all versions up to, and including, 3.5.21 due to insufficient input sanitization and output escapi...

6.1

CVE-2025-6212

  • EPSS 0.19%
  • Veröffentlicht 26.06.2025 09:22:03
  • Zuletzt bearbeitet 08.07.2025 11:35:01

The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Database module in versions 3.5.11 to 3.5.19 due to insufficient input sanitization and output escaping. The unfiltered field names are stor...

7.2

CVE-2025-6220

Exploit
  • EPSS 1.37%
  • Veröffentlicht 18.06.2025 11:16:31
  • Zuletzt bearbeitet 09.07.2025 18:49:50

The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_options' function in all versions up to, and including, 3.5.12. This makes it possible for authenticated...

7.5

CVE-2023-47693

  • EPSS 0.4%
  • Veröffentlicht 02.01.2025 12:15:16
  • Zuletzt bearbeitet 02.01.2025 12:15:16

Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.2.6.

8.1

CVE-2023-30495

  • EPSS 0.13%
  • Veröffentlicht 20.12.2023 17:15:07
  • Zuletzt bearbeitet 21.11.2024 08:00:17

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Ultimate Addons for Contact Form 7.This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.1.23.

6.1

CVE-2023-49766

  • EPSS 0.18%
  • Veröffentlicht 14.12.2023 16:15:51
  • Zuletzt bearbeitet 21.11.2024 08:33:48

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 allows Stored XSS.This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.2.0.

6.1

CVE-2023-30493

  • EPSS 0.17%
  • Veröffentlicht 27.09.2023 15:18:51
  • Zuletzt bearbeitet 21.11.2024 08:00:17

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin <= 3.2.0 versions.

4.8

CVE-2023-2802

Exploit
  • EPSS 0.08%
  • Veröffentlicht 14.08.2023 20:15:11
  • Zuletzt bearbeitet 21.11.2024 07:59:19

The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html...

6.1

CVE-2023-2803

Exploit
  • EPSS 0.11%
  • Veröffentlicht 14.08.2023 20:15:11
  • Zuletzt bearbeitet 21.11.2024 07:59:19

The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...