{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14800", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-16T20:20:41.998Z", "datePublished": "2025-12-21T07:31:11.089Z", "dateUpdated": "2026-04-08T17:16:25.117Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:16:25.117Z"}, "affected": [{"vendor": "themeisle", "product": "Redirection for Contact Form 7", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.2.7", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_file_to_upload' function in all versions up to, and including, 3.2.7. This makes it possible for unauthenticated attackers to copy arbitrary files on the affected site's server. If 'allow_url_fopen' is set to 'On', it is possible to upload a remote file to the server."}], "title": "Redirection for Contact Form 7 <= 3.2.7 - Unauthenticated Arbitrary File Copy via move_file_to_upload", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b249ec90-a364-4644-94fb-d42eb6cc4d9a?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3423970/wpcf7-redirect"}, {"url": "https://plugins.trac.wordpress.org/browser/wpcf7-redirect/tags/3.2.7/classes/class-wpcf7r-save-files.php#L180"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "cweId": "CWE-434", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "LionTree"}], "timeline": [{"time": "2025-12-16T20:38:59.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-12-20T18:43:20.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-22T16:36:55.828131Z", "id": "CVE-2025-14800", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-22T16:37:02.508Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14800", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-22T16:36:55.828131Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-22T16:36:58.868Z"}}], "cna": {"title": "Redirection for Contact Form 7 <= 3.2.7 - Unauthenticated Arbitrary File Copy via move_file_to_upload", "credits": [{"lang": "en", "type": "finder", "value": "LionTree"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "themeisle", "product": "Redirection for Contact Form 7", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "3.2.7"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-16T20:38:59.000+00:00", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-12-20T18:43:20.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b249ec90-a364-4644-94fb-d42eb6cc4d9a?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3423970/wpcf7-redirect"}, {"url": "https://plugins.trac.wordpress.org/browser/wpcf7-redirect/tags/3.2.7/classes/class-wpcf7r-save-files.php#L180"}], "descriptions": [{"lang": "en", "value": "The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_file_to_upload' function in all versions up to, and including, 3.2.7. This makes it possible for unauthenticated attackers to copy arbitrary files on the affected site's server. If 'allow_url_fopen' is set to 'On', it is possible to upload a remote file to the server."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-12-21T07:31:11.089Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14800", "state": "PUBLISHED", "dateUpdated": "2025-12-22T16:37:02.508Z", "dateReserved": "2025-12-16T20:20:41.998Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-12-21T07:31:11.089Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_file_to_upload' function in all versions up to, and including, 3.2.7. This makes it possible for unauthenticated attackers to copy arbitrary files on the affected site's server. If 'allow_url_fopen' is set to 'On', it is possible to upload a remote file to the server."}], "id": "CVE-2025-14800", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-12-21T08:15:48.473", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wpcf7-redirect/tags/3.2.7/classes/class-wpcf7r-save-files.php#L180"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3423970/wpcf7-redirect"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b249ec90-a364-4644-94fb-d42eb6cc4d9a?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T21:20:59.268859+00:00", "value": {"mitigation_remediation": ["Update the Redirection for Contact Form 7 plugin to any release newer than 3.2.7 to remove the missing validation. ", "Disable the PHP configuration directive allow_url_fopen on the server to prevent remote file uploads. ", "If an upgrade is not immediately possible, configure strict MIME type and file extension checks on all file upload endpoints or apply a custom filter to the plugin that rejects disallowed files."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary File Copy via Unauthenticated Attack"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the WordPress plugin Redirection for Contact Form 7 created by themeisle. All releases up to and including version 3.2.7 are impacted; newer releases are presumed to have fixed the issue.", "description_and_impact": "The Redirection for Contact Form 7 plugin lacks file type validation in the move_file_to_upload function, a weakness that permits attackers to copy any file from the site's server. The flaw is a CWE\u2011434, Missing Input Validation. An attacker can place a local file path or, when PHP\u2019s allow_url_fopen is enabled, use a remote URL to upload files to arbitrary locations. These capabilities can lead to unauthorized disclosure, modification of files, or creation of files in privileged directories, threatening the confidentiality, integrity, and availability of the site.", "risk_and_exploitability": "The CVSS score of 8.1 classifies this flaw as high severity. An EPSS score of less than 1% suggests a low current exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. The attack path is straightforward: an unauthenticated request to the plugin\u2019s file\u2011handling endpoint can be crafted to copy any file on the server, or to upload a remote file if allow_url_fopen is enabled. These conditions indicate that, while exploitation requires no privileged access, it can be performed by remotely connected attackers with no authentication. "}}}}, "created": "2025-12-22T11:40:21.293389+00:00", "updated": "2026-04-20T21:30:18.570370+00:00", "vendors": ["themeisle", "themeisle$PRODUCT$redirection_for_contact_form_7", "wordpress", "wordpress$PRODUCT$wordpress"]}