48 matches found
EUVD-2026-36970
Subscriber Broken Access Control in Ultra Addons for WPForms = 1.0.11 versions...
CVE-2026-39594
Subscriber Broken Access Control in Ultra Addons for WPForms = 1.0.11 versions...
CVE-2026-39594 WordPress Ultra Addons for WPForms plugin <= 1.0.11 - Broken Access Control vulnerability
Subscriber Broken Access Control in Ultra Addons for WPForms = 1.0.11 versions...
CVE-2026-39594
CVE-2026-39594 affects the WordPress plugin Ultra Addons for WPForms (versions
PT-2026-49405
Subscriber Broken Access Control in Ultra Addons for WPForms = 1.0.11 versions...
WordPress Ultra Addons for WPForms plugin <= 1.0.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by CidKagenouSama in WordPress Plugin Ultra Addons for WPForms versions = 1.0.11...
CVE-2025-14356
The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uacf7getgeneratedpdf' function in all versions up to, and including, 3.5.33. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-14356
CVE-2025-14356 — The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on uacf7_get_generated_pdf in all versions up to and including 3.5.33. The Wordfence report confirms authenticated users with Subscriber-level a...
CVE-2025-14356 Ultra Addons for Contact Form 7 <= 3.5.33 - Missing Authorization to Authenticated (Subscriber+) to Generate Form Submission PDF
The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uacf7getgeneratedpdf' function in all versions up to, and including, 3.5.33. This makes it possible for authenticated attackers, with Subscriber-level...
EUVD-2025-203059
The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uacf7getgeneratedpdf' function in all versions up to, and including, 3.5.33. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-14356 Ultra Addons for Contact Form 7 <= 3.5.33 - Missing Authorization to Authenticated (Subscriber+) to Generate Form Submission PDF
The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uacf7getgeneratedpdf' function in all versions up to, and including, 3.5.33. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress plugin Ultra Addons for Contact Form 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A security vulnerability exists in...
CVE-2025-9077
The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Animated Text' field of the Typeout Widget in version 1.1.9 and below due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Ultra Addons Lite for Elementor plugin <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text Field vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Animated Text Field vulnerability discovered by zer0gh0st in WordPress Plugin Ultra Addons Lite for Elementor versions = 1.1.9...
EUVD-2025-28703
Malicious code in bioql PyPI...
EUVD-2025-28766
Malicious code in bioql PyPI...
EUVD-2025-9831
Malicious code in bioql PyPI...
EUVD-2025-28707
Malicious code in bioql PyPI...
CVE-2025-9077
The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Animated Text' field of the Typeout Widget in version 1.1.9 and below due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-9077 Ultra Addons Lite for Elementor <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text Field
The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Animated Text' field of the Typeout Widget in version 1.1.9 and below due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...