Ultra Addons for Contact Form 7

Vulnerabilities 14Slug ultimate-addons-for-contact-form-7Latest version 3.5.42WordPress.org →

Minimum safe version

3.5.37

Update to 3.5.37 or later to address 14 fixable vulnerabilities

Latest available3.5.42 ✓

Medium 6.5

2026-03-14< 3.5.37

Ultra Addons for Contact Form 7 <= 3.5.36 - Authenticated (Contributor+) Stored Cross-Site Scripting

Wordfence CVE

Medium 5.3

2026-02-03< 3.5.35

CVE-2026-24945

CVE Wordfence

Medium 4.3

2025-12-12< 3.5.34

CVE-2025-14356

CVE Wordfence

Medium 6.4

2025-07-01< 3.5.22

Ultra Addons for Contact Form 7 <= 3.5.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via UACF7_CUSTOM_FIELDS Shortcode

EUVD Wordfence CVE

High 7.2

2025-06-26< 3.5.20

Ultra Addons for Contact Form 7 3.5.11 - 3.5.19 - Unauthenticated Stored Cross-Site Scripting via Database module

EUVD Wordfence CVE

High 7.2

2025-06-18< 3.5.13

WordPress Ultimate Addons for Contact Form 7 Plugin <= 3.5.12 is vulnerable to Arbitrary File Upload

Patchstack EUVD Wordfence CVE

High 7.1

2023-12-14< 3.2.1

CVE-2023-49766

CVE Patchstack Wordfence WPScan

High 7.5

2025-01-02< 3.2.11

CVE-2023-47693

CVE Patchstack Wordfence WPScan

High 7.1

2023-09-27< 3.2.1

CVE-2023-30493

CVE Patchstack Wordfence WPScan

Medium 6.1

2023-08-14< 3.1.29

CVE-2023-2803

CVE Wordfence WPScan

Medium 4.8

2023-08-14< 3.1.29

CVE-2023-2802

CVE Wordfence WPScan

Medium 6.5

2023-06-09< 3.1.24

CVE-2023-1615

CVE Wordfence WPScan WPScan

High 8.2

2023-06-19< 3.1.24

CVE-2022-47586

CVE Patchstack Wordfence WPScan

High 8.5

2023-12-20< 3.1.24

CVE-2023-30495

CVE Patchstack Wordfence