Simple Contact Forms, CVE-2025-60197

CVE, Research URL: CVE-2025-60197
Home page URL: Security reports for Simple Contact Forms
Application: Simple Contact Forms
Published on: Nov 06, 2025
Research Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in owenr88 Simple Contact Forms simple-contact-forms allows PHP Local File Inclusion.This issue affects Simple Contact Forms: from n/a through <= 1.6.4.
Affected versions: max 1.6.4.
Status: vulnerable