AI description
CVE-2025-7340 is an arbitrary file upload vulnerability affecting the HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder plugin for WordPress. The vulnerability exists due to missing file type validation in the `temp_file_upload` function in versions up to and including 2.2.1. This flaw allows unauthenticated attackers to upload arbitrary files, including executable PHP scripts, to the affected site's server. These files are stored in public directories, enabling direct access and execution, potentially leading to remote code execution and complete site takeover.
- Description
- The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the `temp_file_upload` function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.
- Source
- security@wordfence.com
- NVD status
- Analyzed
- Products
- download_contact_form_7_widget_for_elementor_page_builder_\&_gutenberg_blocks
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-434
- Hype score
- Not currently trending
🚨Critical vulnerabilities in a WordPress plugin leave 10,000 sites vulnerable ➡️ HT Contact Form Widget for Elementor Page Builder & Gutenberg Blocks & Form Builder ⚠️ CVE-2025-7340 ⚠️ CVE-2025-7341 https://t.co/mytav1Kyls
@elhackernet
31 Jul 2025
5686 Impressions
41 Retweets
97 Likes
21 Bookmarks
2 Replies
1 Quote
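Critical vulnerability in HT Contact Form, a WordPress plugin used by more than 10,000 sites. CVE-2025-7340 is an arbitrary file upload vulnerability with a CVSS score of 9.8. It stems from missing file type validation in temp_file_upload(). Naturally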
@__kokumoto
26 Jul 2025
897 Impressions
0 Retweets
5 Likes
7 Bookmarks
0 Replies
0 Quotes
CVE-2025-7340, -7341, 7360: Multiple vulnerabilities in HT Contact WordPress plugin, 9.1 - 9.8 rating 🔥 Three vulns allow attackers to upload and execute arbitrary files. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/CYDbQ880k8 #cybersecurity #vulnerability_map
@Netlas_io
15 Jul 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-7340 The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file uploads due to missing fil… https://t.co/OkrfRadWSe
@CVEnew
15 Jul 2025
515 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-7340: CRITICAL] WordPress plugin HT Contact Form Widget is vulnerable to arbitrary file uploads due to missing file type validation. Attackers can upload files, leading to remote code execution. #cve, CVE-2025-7340, #cybersecurity https://t.co/ssPk76AY9v https://t.co/NZJlK
@CveFindCom
15 Jul 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:hasthemes:download_contact_form_7_widget_for_elementor_page_builder_\\&_gutenberg_blocks:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "867698F7-BEA0-4E88-8894-A233A040E08A",
            "versionEndExcluding": "2.2.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]