CVE-2025-14356
Unauthorized Access in Ultra Addons for Contact Form 7 Plugin

Publication date: 2025-12-12

Last updated on: 2025-12-12

Assigner: Wordfence

Description
The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uacf7_get_generated_pdf' function in all versions up to, and including, 3.5.33. This makes it possible for authenticated attackers, with Subscriber-level access and above, to generate and retrieve form submission PDFs when the "PDF Generator" and the "Database" addons are enabled (both are disabled by default).
Meta Information
Generated: 2026-06-16
EPSS evaluated: 2026-06-14
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wordpress contact_form_7 *
CWE
CWE-639: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Compliance Impact

This vulnerability allows authenticated users with Subscriber-level access and above to generate and access PDF versions of form submissions without proper authorization checks. Since these PDFs may contain personal or sensitive data submitted through Contact Form 7, unauthorized access could lead to data exposure. Such exposure may violate data protection regulations like GDPR or HIPAA, which require strict controls on access to personal and sensitive information. Therefore, this vulnerability could negatively impact compliance with these standards by enabling unauthorized data access.

Detection Guidance

This vulnerability can be detected by monitoring for unauthorized AJAX requests to the WordPress admin AJAX endpoint that invoke the action 'uacf7_get_generated_pdf'. Specifically, look for POST requests to 'wp-admin/admin-ajax.php' carrying the parameter 'action=uacf7_get_generated_pdf'. Since the vulnerability allows authenticated users with Subscriber-level access and above to generate PDFs without proper capability checks, you can check your web server logs or use a tool like curl to confirm whether the endpoint responds to a low-privilege account. Example command to test whether the endpoint is accessible (replace the URL and add authentication cookies or headers as needed):
curl -X POST -d 'action=uacf7_get_generated_pdf&form_id=1&id=1&nonce=YOUR_NONCE' https://yourwordpresssite.com/wp-admin/admin-ajax.php -v
Additionally, review user roles and permissions in WordPress to identify whether Subscriber-level users can reach this AJAX action. Network IDS/IPS rules can be created to alert on such AJAX calls. However, no specific detection commands are provided in the resources. [1]
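As an added illustration of the detection guidance above (not code from this page or from the plugin), the following Python scans constructed web-server log lines for admin-ajax.php requests that carry the action named in the advisory and counts successful retrievals per account. The log format, which records the authenticated WordPress user and the POST body as a WAF or audit plugin might, is an assumption: a standard access log does not contain POST bodies, so the 'action' parameter is only visible there for GET requests.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

TARGET_ACTION = "uacf7_get_generated_pdf"  # AJAX action named in the advisory
AJAX_PATH = "/wp-admin/admin-ajax.php"

# Assumed log format: access-log style extended with the authenticated WordPress
# user and the POST body, as a WAF or audit plugin might record them.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) user=(?P<user>\S+) "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) body="(?P<body>[^"]*)"$'
)

# Constructed sample lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 user=subscriber1 "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 body="action=uacf7_get_generated_pdf&form_id=1&id=7&nonce=abc"
203.0.113.5 user=subscriber1 "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 body="action=uacf7_get_generated_pdf&form_id=1&id=8&nonce=abc"
198.51.100.9 user=editor "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 body="action=heartbeat&_nonce=x"
198.51.100.9 user=- "GET /wp-admin/admin-ajax.php?action=uacf7_get_generated_pdf&id=9 HTTP/1.1" 403 body=""
192.0.2.7 user=admin "GET /wp-login.php HTTP/1.1" 200 body=""
"""

def _params(target: str, body: str) -> dict:
    """Merge query-string and body parameters; admin-ajax.php accepts both."""
    merged = parse_qs(urlsplit(target).query)
    merged.update(parse_qs(body))
    return {k: v[0] for k, v in merged.items()}

def find_pdf_requests(log_text: str) -> list:
    """Return each admin-ajax.php request that invokes the vulnerable action."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or urlsplit(m["target"]).path != AJAX_PATH:
            continue  # other format, or not the AJAX endpoint
        p = _params(m["target"], m["body"])
        if p.get("action") != TARGET_ACTION:
            continue
        hits.append({"ip": m["ip"], "user": m["user"], "method": m["method"],
                     "status": int(m["status"]), "form_id": p.get("form_id"),
                     "submission_id": p.get("id")})
    return hits

def per_user_counts(hits: list) -> Counter:
    """Successful (2xx) retrievals per account; a burst from a low-privilege user is the signal."""
    return Counter(h["user"] for h in hits if 200 <= h["status"] < 300)
```

Run it over real exported log lines after adapting LINE_RE to your own format; accounts that appear in the counts but should not hold a PDF-generating role are the ones to review.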

Executive Summary

This vulnerability exists in the Ultra Addons for Contact Form 7 WordPress plugin, where a missing capability check in the 'uacf7_get_generated_pdf' function allows authenticated users with Subscriber-level access or higher to generate and retrieve form submission PDFs if the 'PDF Generator' and 'Database' addons are enabled.

Impact Analysis

An attacker with at least Subscriber-level access can access form submission PDFs without proper authorization, potentially exposing sensitive data submitted through the forms, leading to unauthorized data disclosure.

Mitigation Strategies

To mitigate this vulnerability, immediately update the Ultra Addons for Contact Form 7 plugin to a version later than 3.5.33, where the missing capability check is fixed. Additionally, if the "PDF Generator" and "Database" addons are not required, disable them: both are off by default, and the vulnerability is only reachable when both are enabled.
