{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14356", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-09T16:40:32.811Z", "datePublished": "2025-12-12T06:32:57.656Z", "dateUpdated": "2026-04-08T16:47:07.182Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:47:07.182Z"}, "affected": [{"vendor": "themefic", "product": "Ultra Addons for Contact Form 7", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.5.33", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uacf7_get_generated_pdf' function in all versions up to, and including, 3.5.33. This makes it possible for authenticated attackers, with Subscriber-level access and above, to generate and get form submission PDF, when the \"PDF Generator\" and the \"Database\" addons are enabled (disabled by default)."}], "title": "Ultra Addons for Contact Form 7 <= 3.5.33 - Missing Authorization to Authenticated (Subscriber+) to Generate Form Submission PDF", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3af9ece0-1556-4457-87ee-343daec5e74f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-contact-form-7/trunk/addons/pdf-generator/pdf-generator.php#L316"}, {"url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-contact-form-7/trunk/addons/pdf-generator/pdf-generator.php#L321"}, {"url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-contact-form-7/trunk/addons/pdf-generator/pdf-generator.php#L341"}, {"url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-contact-form-7/trunk/addons/pdf-generator/pdf-generator.php#L53"}, {"url": "https://plugins.trac.wordpress.org/changeset/3417590/ultimate-addons-for-contact-form-7"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "cweId": "CWE-639", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Angus Girvan"}], "timeline": [{"time": "2025-12-10T12:25:01.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-12-11T17:40:29.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-12T20:30:30.463601Z", "id": "CVE-2025-14356", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-12T20:30:42.366Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14356", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-12T20:30:30.463601Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-12T20:30:36.763Z"}}], "cna": {"title": "Ultra Addons for Contact Form 7 <= 3.5.33 - Missing Authorization to Authenticated (Subscriber+) to Generate Form Submission PDF", "credits": [{"lang": "en", "type": "finder", "value": "Angus Girvan"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "themefic", "product": "Ultra Addons for Contact Form 7", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.5.33"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-10T12:25:01.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-12-11T17:40:29.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3af9ece0-1556-4457-87ee-343daec5e74f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-contact-form-7/trunk/addons/pdf-generator/pdf-generator.php#L316"}, {"url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-contact-form-7/trunk/addons/pdf-generator/pdf-generator.php#L321"}, {"url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-contact-form-7/trunk/addons/pdf-generator/pdf-generator.php#L341"}, {"url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-contact-form-7/trunk/addons/pdf-generator/pdf-generator.php#L53"}, {"url": "https://plugins.trac.wordpress.org/changeset/3417590/ultimate-addons-for-contact-form-7"}], "descriptions": [{"lang": "en", "value": "The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uacf7_get_generated_pdf' function in all versions up to, and including, 3.5.33. This makes it possible for authenticated attackers, with Subscriber-level access and above, to generate and get form submission PDF, when the \"PDF Generator\" and the \"Database\" addons are enabled (disabled by default)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:47:07.182Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14356", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:47:07.182Z", "dateReserved": "2025-12-09T16:40:32.811Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-12-12T06:32:57.656Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uacf7_get_generated_pdf' function in all versions up to, and including, 3.5.33. This makes it possible for authenticated attackers, with Subscriber-level access and above, to generate and get form submission PDF, when the \"PDF Generator\" and the \"Database\" addons are enabled (disabled by default)."}], "id": "CVE-2025-14356", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-12-12T07:15:44.733", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-contact-form-7/trunk/addons/pdf-generator/pdf-generator.php#L316"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-contact-form-7/trunk/addons/pdf-generator/pdf-generator.php#L321"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-contact-form-7/trunk/addons/pdf-generator/pdf-generator.php#L341"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-contact-form-7/trunk/addons/pdf-generator/pdf-generator.php#L53"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3417590/ultimate-addons-for-contact-form-7"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3af9ece0-1556-4457-87ee-343daec5e74f?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T00:15:10.759406+00:00", "value": {"mitigation_remediation": ["Update Ultra Addons for Contact Form 7 to version 3.5.34 or later, which adds the missing capability check.", "If an update is delayed, deactivate the PDF Generator and Database addons on the site to remove the vulnerable functionality.", "Review and tighten user role capabilities so that Subscriber profiles do not have unnecessary access; consider removing the Subscriber role if it is not needed for the site.", "Optionally, enable a web application firewall rule or custom filter to block requests to the PDF generation endpoint for non\u2011administrative users, ensuring only authorized users can trigger PDF creation."], "summary": {"action": "Apply Update", "impact": "Unauthorized PDF Generation"}, "threat_synthesis": {"affected_systems": "Affected systems are sites running the WordPress plugin Ultra Addons for Contact Form 7, themefic, in versions up to 3.5.33 inclusive. The issue only surfaces when both the PDF Generator addon and the Database addon are turned on, although they are disabled by default. The plugin is commonly deployed on contact forms, so many WordPress installations may be susceptible if they remain on or below the affected version.", "description_and_impact": "The Ultra Addons for Contact Form 7 plugin contains a missing capability check on the uacf7_get_generated_pdf function in all versions up to 3.5.33. This flaw allows any authenticated user with at least Subscriber level, when the PDF Generator and Database addons are enabled, to request and download a PDF that contains the data of any form submission. The vulnerability is classified as CWE\u2011639 (Authority Bypass), exposing confidential submission data without authorization. With a CVSS score of 4.3, the impact can reach moderate confidentiality loss but the exploitability is low because the attacker must be logged in and the plugin features must be activated.", "risk_and_exploitability": "Risk assessment indicates a CVSS score of 4.3 and an EPSS score of less than 1\u202f%, meaning that while the confidentiality effect is moderate, the probability of exploitation in the wild is low. The vulnerability is not listed in CISA's KEV catalog. Exploitability requires user authentication and access to the PDF generation endpoint, typically easy for a legitimate subscriber to obtain. An attacker could harvest sensitive data from form submissions, potentially enabling phishing or data abuse. Advisory suggests prompt remediation, as the attack vector is simple and the data exposed can be valuable."}}}}, "created": "2025-12-14T21:17:07.503991+00:00", "updated": "2026-04-22T00:30:04.036867+00:00", "vendors": ["themefic", "themefic$PRODUCT$ultimate_addons_for_contact_form_7", "wordpress", "wordpress$PRODUCT$wordpress"]}