Fixed
Update the WordPress Ultimate Addons for Contact Form 7 plugin to the latest available version (at least 3.1.24).
minhtuanact discovered and reported this SQL Injection vulnerability in WordPress Ultimate Addons for Contact Form 7 Plugin. This could allow a malicious actor to directly interact with your database, including but not limited to stealing information. This vulnerability has been fixed in version 3.1.24.
Start a free security program for your WordPress plugins or request an audit.
Apply for MVDPReport to Patchstack Alliance bounty platform and earn monthly cash prizes.
Learn moreSuccessfully submit vulnerabilities and receive an invite to our Alliance platform.
Learn more
Close
Ultimate Addons for Contact Form 7
LinkedIn
Facebook
Twitter
Join Discord
