cleantalk
Vulnerabilities and Security Researches

Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks, CVE-2025-7340

CVE, Research URL

CVE-2025-7340

Home page URL

Security reports for Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks

Application

Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks

Published on
Jul 15, 2025
Research Description
The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the temp_file_upload function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
Min -, max 2.2.2.
Status
vulnerable
Previous vulnerability researches
BuddyPress & BuddyBoss Member Profile Forms (053af10176d1dc3feead6bb1c45f871d35190797) , Jun 07, 2024
New vulnerability
Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo (CVE-2025-5816) , Jul 19, 2025
Block Editor Gallery Slider (CVE-2025-6726) , Jul 18, 2025
YayExtra – WooCommerce Extra Product Options (CVE-2025-48299) , Jul 18, 2025
Pay with Contact Form 7 (CVE-2025-52777) , Jul 18, 2025
WordPress-WPJobBoard (CVE-2025-49455) , Jul 18, 2025