Themefic Ultimate Addons For Contact Form 7 — known CVE vulnerabilities
Every CVE whose affected-product data names Themefic Ultimate Addons For Contact Form 7, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2023-1615 — CVSS 8.8 (high): The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in versions up to, and…
CVE-2023-30495 — CVSS 8.5 (high): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Ultimate Addons for Contact…
CVE-2022-47586 — CVSS 8.2 (high): Unauth. SQL Injection (SQLi) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin <= 3.1.23 versions.
CVE-2025-6220 — CVSS 7.2 (high): The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the…
CVE-2025-6212 — CVSS 7.2 (high): The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Database module in versions…
CVE-2023-49766 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact…
CVE-2023-30493 — CVSS 7.1 (high): Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin <= 3.2.0 versions.
CVE-2025-6756 — CVSS 6.4 (medium): The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's UACF7_CUSTOM_FIELDS…
CVE-2023-2803 — CVSS 6.1 (medium): The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape a parameter before outputting it back in…
CVE-2023-2802 — CVSS 4.8 (medium): The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape some of its settings, which could allow…