CVE-2025-6756 – “Ultra Addons for Contact Form 7 Stored Cross-Site Scripting Vulnerability”

July 1, 2025

CVE ID : CVE-2025-6756

Published : July 1, 2025, 10:15 a.m. | 18 minutes ago

Description : The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s UACF7_CUSTOM_FIELDS shortcode in all versions up to, and including, 3.5.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleMODICIA O.S. – Linux multimedia distribution

Next Article CVE-2025-49490 – Falcon_Linux Kestrel Lapwing_Linux Router Resource Leak Exposure

The Psychology Of Color In UX Design And Digital Products

This week in AI dev tools: Claude Sonnet 4’s larger context window, ChatGPT updates, and more (August 15, 2025)

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

I flew Insta360’s new ‘Antigravity’ drone around Los Angeles, and it was impossible to miss a shot

The $100 open-ear headphones that made me forget about my Shokz

5 quick and simple ways to greatly improve the quality of your headphones

Installing a UPS battery backup saved my work PC – here’s the full story

Maintaining Data Consistency with Laravel Database Transactions

Maintaining Data Consistency with Laravel Database Transactions

Building a Multi-Step Form With Laravel, Livewire, and MongoDB

Inertia Releases a New Form Component

Google’s Gemini AI had a full-on meltdown while coding — calling itself a fool, a disgrace, and begging for freedom from its own loop

Google’s Gemini AI had a full-on meltdown while coding — calling itself a fool, a disgrace, and begging for freedom from its own loop

Take-Two hints at $100 price tag for Grand Theft Auto VI — will it deliver on value?

ChatGPT Go offers GPT-5, image creation, and longer memory — all for $5 (if you’re lucky enough to live where it’s available)

CVE-2025-6756 – “Ultra Addons for Contact Form 7 Stored Cross-Site Scripting Vulnerability”

Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution

Zero Trust + AI: Privacy in the Age of Agentic AI

3 Questions: How to help students recognize potential bias in their AI datasets

Sam Altman says people have a high degree of trust in ChatGPT, even though it hallucinates: “It should be the tech that you don’t trust that much”

ClickFix Malware Campaign Exploits CAPTCHAs to Spread Cross-Platform Infections

CVE-2025-20282 – Cisco ISE and ISE-PIC Privilege Escalation Remote File Upload Vulnerability

Meeting summarization and action item extraction with Amazon Nova

Kindle’s new AI recap feature helps bring you up to speed – how to try it

Chimera is a general-purpose Linux-based OS

SAP Confirms Critical NetWeaver Flaw Amid Suspected Zero-Day Exploitation by Hackers

CVE-2025-6756 – “Ultra Addons for Contact Form 7 Stored Cross-Site Scripting Vulnerability”

Related Posts