cleantalk
Vulnerabilities and Security Researches

Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks, CVE-2025-54015

CVE, Research URL

CVE-2025-54015

Home page URL

Security reports for Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks

Application

Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks

Published on
Jul 16, 2025
Research Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in HT Plugins HT Contact Form 7 allows PHP Local File Inclusion. This issue affects HT Contact Form 7: from n/a through 2.0.0.
Affected versions
Min -, max 2.1.0.
Status
vulnerable
Previous vulnerability researches
BuddyPress & BuddyBoss Member Profile Forms (053af10176d1dc3feead6bb1c45f871d35190797) , Jun 07, 2024
New vulnerability
Bold Page Builder (CVE-2025-54006) , Jul 19, 2025
Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo (CVE-2025-5816) , Jul 19, 2025
Block Editor Gallery Slider (CVE-2025-6726) , Jul 18, 2025
YayExtra – WooCommerce Extra Product Options (CVE-2025-48299) , Jul 18, 2025
Pay with Contact Form 7 (CVE-2025-52777) , Jul 18, 2025