Vulnerabilities and security researches forht-contactform ht-contactform

Jun 07, 2024

CVE, Research URL: CVE-2023-0484
Home page URL: Security reports for Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks
Application: Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks
Date: Mar 27, 2023
Research Description: The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
Affected versions: Min -, max -.
Status: vulnerable

Jan 25, 2025

CVE, Research URL: CVE-2025-24726
Home page URL: Security reports for Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks
Application: Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks
Date: Jan 24, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Conctact Form 7 allows Stored XSS. This issue affects HT Conctact Form 7: from n/a through 1.2.1.
Affected versions: Min -, max -.
Status: vulnerable

Jul 18, 2025

CVE, Research URL: CVE-2025-7340
Home page URL: Security reports for Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks
Application: Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks
Date: Jul 15, 2025
Research Description: The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the temp_file_upload function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2025-7341
Home page URL: Security reports for Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks
Application: Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks
Date: Jul 15, 2025
Research Description: The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the temp_file_delete() function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2025-7360
Home page URL: Security reports for Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks
Application: Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks
Date: Jul 15, 2025
Research Description: The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation in the handle_files_upload() function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php).
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2025-54015
Home page URL: Security reports for Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks
Application: Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks
Date: Jul 16, 2025
Research Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in HT Plugins HT Contact Form 7 allows PHP Local File Inclusion. This issue affects HT Contact Form 7: from n/a through 2.0.0.
Affected versions: Min -, max -.
Status: vulnerable