cleantalk
Vulnerabilities and Security Researches

Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks, CVE-2025-7341

CVE, Research URL

CVE-2025-7341

Home page URL

Security reports for Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks

Application

Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks

Published on
Jul 15, 2025
Research Description
The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the temp_file_delete() function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Affected versions
Min -, max 2.2.2.
Status
vulnerable
Previous vulnerability researches
Envo's Elementor Templates & Widgets for WooCommerce (CVE-2024-43292) , Aug 20, 2024
Envo's Elementor Templates & Widgets for WooCommerce (CVE-2024-0766) , Jun 10, 2024
Envo's Elementor Templates & Widgets for WooCommerce (CVE-2024-35167) , Jun 10, 2024
Envo's Elementor Templates & Widgets for WooCommerce (CVE-2024-50447) , Oct 27, 2024
Envo's Elementor Templates & Widgets for WooCommerce (CVE-2024-0768) , Jun 10, 2024
New vulnerability
Block Editor Gallery Slider (CVE-2025-6726) , Jul 18, 2025
YayExtra – WooCommerce Extra Product Options (CVE-2025-48299) , Jul 18, 2025
Pay with Contact Form 7 (CVE-2025-52777) , Jul 18, 2025
WordPress-WPJobBoard (CVE-2025-49455) , Jul 18, 2025
Restaurant Menu and Food Ordering (CVE-2025-54038) , Jul 18, 2025