VulnerAlert



WORDPRESS
15-07-2025 02:20

CVE-2025-7360 Documented vulnerability

No score
Tags
#wordpress
#plugin
#wp
#server
#php
#gutenberg
#form
#elementor
#contact
#config
#elementor wordpress
#attackers
#authenticated
#arbitrary
#vulnerable
#remote
#execution
#attack
Description
The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks Builder plugin for WordPress is vulnerable to arbitrary file moving due to insufficient path validation in the handle_files_upload() function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to move files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php).
https://plugins.trac.wordpress.org/changeset/3326887/ht-contactform/trunk/admin/Includes/Api/Endpoints/Submission.php?contextall=1&old=3316109&old_path=%2Fht-contactform%2Ftrunk%2Fadmin%2FIncludes%2FApi%2FEndpoints%2FSubmission.php
https://wordpress.org/plugins/ht-contactform/
https://www.wordfence.com/threat-intel/vulnerabilities/id/dd42c83c-c51c-45a5-8ad5-0df2c0cc411d?source=cve

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-7360
This project was co-funded by the Consejo Nacional de Ciencia y Tecnología (CONACYT) through PROINNOVA 2021/2023.