cleantalk
Vulnerabilities and Security Researches

Ultimate Addons for Contact Form 7, CVE-2026-32460

CVE, Research URL

CVE-2026-32460

Home page URL

Security reports for Ultimate Addons for Contact Form 7

Application

Ultimate Addons for Contact Form 7

Published on
Mar 14, 2026
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through <= 3.5.36.
Affected versions
max 3.5.36.
Status
vulnerable
Previous vulnerability researches
PixelYourSite &#8211; Your smart PIXEL (TAG) Manager (CVE-2024-37447) , Jul 02, 2024
PixelYourSite &#8211; Your smart PIXEL (TAG) Manager (CVE-2025-14280) , Jan 27, 2026
PixelYourSite &#8211; Your smart PIXEL (TAG) Manager (CVE-2025-22300) , Jan 09, 2025
PixelYourSite &#8211; Your smart PIXEL (TAG) Manager (CVE-2024-7870) , Sep 05, 2024
PixelYourSite &#8211; Your smart PIXEL (TAG) Manager (CVE-2023-22700) , Jun 07, 2024
New vulnerability
Subscriptions for WooCommerce &#8211; Subscription Plugin for Collecting Recurring Revenue, Sell Membership Subscription Servic (CVE-2026-24372) , Mar 29, 2026
Meta Box &#8211; WordPress Custom Fields Framework (CVE-2025-14675) , Mar 29, 2026
Admin and Site Enhancements (ASE) (CVE-2026-32423) , Mar 29, 2026
Royal Elementor Addons and Templates (CVE-2026-28135) , Mar 29, 2026
Royal Elementor Addons and Templates (CVE-2025-13067) , Mar 29, 2026