CVE-2025-14356
Unauthorized Access in Ultra Addons for Contact Form 7 Plugin
Publication date: 2025-12-12
Last updated on: 2025-12-12
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | contact_form_7 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Ultra Addons for Contact Form 7 WordPress plugin, where a missing capability check in the 'uacf7_get_generated_pdf' function allows authenticated users with Subscriber-level access or higher to generate and retrieve form submission PDFs if the 'PDF Generator' and 'Database' addons are enabled.
How can this vulnerability impact me?
An attacker with at least Subscriber-level access can access form submission PDFs without proper authorization, potentially exposing sensitive data submitted through the forms, leading to unauthorized data disclosure.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the Ultra Addons for Contact Form 7 plugin to a version later than 3.5.33, where the missing capability check is fixed. Additionally, if the "PDF Generator" and "Database" addons are not required, disable them: both are disabled by default, and both must be enabled for the issue to be exploitable.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows authenticated users with Subscriber-level access and above to generate and access PDF versions of form submissions without proper authorization checks. Since these PDFs may contain personal or sensitive data submitted through Contact Form 7, unauthorized access could lead to data exposure. Such exposure may violate data protection regulations like GDPR or HIPAA, which require strict controls on access to personal and sensitive information. Therefore, this vulnerability could negatively impact compliance with these standards by enabling unauthorized data access.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized AJAX requests to the WordPress admin AJAX endpoint that invoke the action `uacf7_get_generated_pdf`. Specifically, look for POST requests to `wp-admin/admin-ajax.php` with the parameter `action=uacf7_get_generated_pdf`. Since the vulnerability allows authenticated users with Subscriber-level access and above to generate PDFs without proper capability checks, you can check your web server logs or use tools like curl to simulate such requests.

Example command to test whether the endpoint is accessible (replace the URL and add authentication cookies or headers as needed):

`curl -X POST -d 'action=uacf7_get_generated_pdf&form_id=1&id=1&nonce=YOUR_NONCE' https://yourwordpresssite.com/wp-admin/admin-ajax.php -v`

Additionally, review user roles and permissions in WordPress to identify whether Subscriber-level users can access this AJAX action improperly. Network IDS/IPS rules can be created to alert on such AJAX calls. However, no specific detection commands are provided in the resources. [1]
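The log review described above, as an added example written for this page (it is not part of the CVE record and not code from the plugin): the script scans access-log lines in the combined format written by Apache and nginx, picks out requests to `admin-ajax.php` whose query string carries `action=uacf7_get_generated_pdf`, groups them by client address, and flags any client that asked for several distinct submission ids, since one caller walking through `id=1, 2, 3, ...` is the pattern a defender would want to see. The log lines, addresses and the enumeration threshold are constructed; the `form_id` and `id` parameter names are taken from the curl example in the text. The script also counts `admin-ajax.php` POSTs whose action is not visible, because standard access logs record the query string but not the request body: those requests can only be classified by a WAF or application-level logging, which is the blind spot of log-only detection for this issue.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

ACTION = "uacf7_get_generated_pdf"   # AJAX action named in the advisory
AJAX_PATH = "/wp-admin/admin-ajax.php"

# Constructed sample lines in Apache/nginx "combined" format; made up for this
# example, not taken from any real server.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Dec/2025:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=uacf7_get_generated_pdf&form_id=12&id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Dec/2025:10:01:03 +0000] "POST /wp-admin/admin-ajax.php?action=uacf7_get_generated_pdf&form_id=12&id=2 HTTP/1.1" 200 5210 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Dec/2025:10:01:04 +0000] "POST /wp-admin/admin-ajax.php?action=uacf7_get_generated_pdf&form_id=12&id=3 HTTP/1.1" 200 4990 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Dec/2025:10:02:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Dec/2025:10:02:01 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 88 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Dec/2025:10:03:00 +0000] "GET /contact/ HTTP/1.1" 200 8800 "-" "curl/8.0"
"""

# Fields of the combined log format: client, identity, user, timestamp, request, status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["uri"])
    rec["path"] = parts.path
    # parse_qs returns a list per parameter; keep the first value of each
    rec["query"] = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return rec


def classify(rec):
    """'pdf_action' when the line invokes the advisory's action via the query string;
    'opaque_ajax_post' for a POST to admin-ajax.php whose action is not visible
    (it travelled in the request body, which access logs do not record);
    otherwise None."""
    if rec["path"] != AJAX_PATH:
        return None
    if rec["query"].get("action") == ACTION:
        return "pdf_action"
    if rec["method"] == "POST" and "action" not in rec["query"]:
        return "opaque_ajax_post"
    return None


def scan(log_text, enum_threshold=3):
    """Scan log text and return the matching requests, the submission ids each client
    asked for, the clients that requested enum_threshold or more distinct ids, and
    the number of admin-ajax POSTs the log cannot classify."""
    hits = []
    ids_by_ip = defaultdict(set)
    opaque = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        kind = classify(rec)
        if kind == "pdf_action":
            hits.append({
                "ip": rec["ip"], "ts": rec["ts"], "status": rec["status"],
                "form_id": rec["query"].get("form_id"), "id": rec["query"].get("id"),
            })
            ids_by_ip[rec["ip"]].add(rec["query"].get("id"))
        elif kind == "opaque_ajax_post":
            opaque += 1
    suspects = sorted(ip for ip, ids in ids_by_ip.items() if len(ids) >= enum_threshold)
    return {
        "hits": hits,
        "ids_by_ip": dict(ids_by_ip),
        "suspects": suspects,
        "opaque_ajax_posts": opaque,
    }


if __name__ == "__main__":
    result = scan(SAMPLE_LOG)
    for h in result["hits"]:
        print(f'{h["ts"]} {h["ip"]} form_id={h["form_id"]} id={h["id"]} status={h["status"]}')
    print("clients requesting many distinct submission ids:", result["suspects"])
    print("admin-ajax POSTs whose action is not visible in the log:", result["opaque_ajax_posts"])
```

Run against a real access log, the three fields worth pivoting on are the client address, the WordPress login cookie (if your proxy or WAF logs it), and the count of distinct `id` values per client; a low-privilege account requesting PDFs for submission ids it did not create is the condition the missing capability check fails to block, and the status code tells you whether the request succeeded before the plugin was updated.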