CVE-2025-14356

Name of the Vulnerable Software and Affected Versions Ultra Addons for Contact Form 7 plugin for WordPress versions through 3.5.33

Description The software is susceptible to unauthorized data access because of a missing capability check on the uacf7 get generated pdf function. Authenticated attackers with Subscriber-level access or higher can generate and retrieve form submission PDFs when the "PDF Generator" and "Database" addons are enabled.

Recommendations Update to a version beyond 3.5.33.