cleantalk
Vulnerabilities and Security Researches

Ultimate Addons for Contact Form 7, CVE-2026-32460

CVE, Research URL

CVE-2026-32460

Home page URL

Security reports for Ultimate Addons for Contact Form 7

Application

Ultimate Addons for Contact Form 7

Published on
Mar 14, 2026
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through <= 3.5.36.
Affected versions
max 3.5.36.
Status
vulnerable
Previous vulnerability researches
Ultimate Addons for Contact Form 7 (CVE-2022-47586) , Jun 07, 2024
Ultimate Addons for Contact Form 7 (CVE-2023-1615) , Jun 07, 2024
Ultimate Addons for Contact Form 7 (CVE-2023-30495) , Jun 07, 2024
Ultimate Addons for Contact Form 7 (CVE-2026-32460) , Mar 29, 2026
Ultimate Addons for Contact Form 7 (CVE-2023-30493) , Jun 07, 2024
New vulnerability
BackWPup &#8211; WordPress Backup Plugin (CVE-2025-15041) , Mar 29, 2026
hCaptcha for WordPress (CVE-2026-25315) , Mar 29, 2026
Breeze &#8211; WordPress Cache Plugin (CVE-2025-13864) , Mar 29, 2026
SMTP Mailer (CVE-2026-32538) , Mar 29, 2026
Best WordPress Gallery Plugin – FooGallery (CVE-2026-25362) , Mar 29, 2026