{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-7340", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-07-07T20:29:32.034Z", "datePublished": "2025-07-15T04:23:42.345Z", "dateUpdated": "2026-04-08T17:32:19.145Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:32:19.145Z"}, "affected": [{"vendor": "htplugins", "product": "HT Contact Form \u2013 Drag & Drop Form Builder for WordPress", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.2.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the temp_file_upload() function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "title": "HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File Upload", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f0cb666b-bfab-492f-a74e-11dc9b171136?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/ht-contactform/trunk/admin/Includes/Services/FileManager.php#L86"}, {"url": "https://plugins.trac.wordpress.org/changeset/3326887/ht-contactform/trunk/admin/Includes/Services/FileManager.php?contextall=1&old=3316109&old_path=%2Fht-contactform%2Ftrunk%2Fadmin%2FIncludes%2FServices%2FFileManager.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "cweId": "CWE-434", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "vgo0"}], "timeline": [{"time": "2025-07-09T05:23:45.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-07-14T15:59:03.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-15T13:30:48.942765Z", "id": "CVE-2025-7340", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-15T13:31:06.438Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7340", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-15T13:30:48.942765Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-15T13:30:57.700Z"}}], "cna": {"title": "HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File Upload", "credits": [{"lang": "en", "type": "finder", "value": "vgo0"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "htplugins", "product": "HT Contact Form \u2013 Drag & Drop Form Builder for WordPress", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.2.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-09T05:23:45.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-07-14T15:59:03.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f0cb666b-bfab-492f-a74e-11dc9b171136?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/ht-contactform/trunk/admin/Includes/Services/FileManager.php#L86"}, {"url": "https://plugins.trac.wordpress.org/changeset/3326887/ht-contactform/trunk/admin/Includes/Services/FileManager.php?contextall=1&old=3316109&old_path=%2Fht-contactform%2Ftrunk%2Fadmin%2FIncludes%2FServices%2FFileManager.php"}], "descriptions": [{"lang": "en", "value": "The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the temp_file_upload() function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:32:19.145Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7340", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:32:19.145Z", "dateReserved": "2025-07-07T20:29:32.034Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-15T04:23:42.345Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hasthemes:download_contact_form_7_widget_for_elementor_page_builder_\\&_gutenberg_blocks:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "867698F7-BEA0-4E88-8894-A233A040E08A", "versionEndExcluding": "2.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the temp_file_upload() function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."}, {"lang": "es", "value": "El complemento HT Contact Form Widget para Elementor Page Builder y Gutenberg Blocks &amp; Form Builder para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validaci\u00f3n del tipo de archivo en la funci\u00f3n temp_file_upload en todas las versiones hasta la 2.2.1 incluida. Esto permite que atacantes no autenticados carguen archivos arbitrarios en el servidor del sitio afectado, lo que podr\u00eda posibilitar la ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2025-7340", "lastModified": "2026-04-08T19:24:31.693", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-07-15T05:15:28.520", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/ht-contactform/trunk/admin/Includes/Services/FileManager.php#L86"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3326887/ht-contactform/trunk/admin/Includes/Services/FileManager.php?contextall=1&old=3316109&old_path=%2Fht-contactform%2Ftrunk%2Fadmin%2FIncludes%2FServices%2FFileManager.php"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f0cb666b-bfab-492f-a74e-11dc9b171136?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T22:16:41.011392+00:00", "value": {"mitigation_remediation": ["Apply the latest patch or upgrade the HT Contact Form plugin to a version newer than 2.2.1, which restores proper MIME type validation.", "If an upgrade cannot be performed immediately, disable or restrict the file\u2011upload feature in the plugin\u2019s settings, allowing only non\u2011executable extensions such as .jpg or .txt.", "Add a Web Application Firewall rule or .htaccess directives to block execution of files in the plugin\u2019s upload directory, ensuring that even if a file is uploaded it is served as a download, not a script."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability applies to the htplugins HT Contact Form \u2013 Drag & Drop Form Builder for WordPress plugin, versions up to and including 2.2.1. Sites using this plugin in those releases are at risk.", "description_and_impact": "The plugin processes file uploads without restricting MIME types, a flaw catalogued as CWE\u2011434. Unauthenticated users can upload any file to the server. If a malicious script is placed in a web\u2011accessible directory, it can be executed, giving the attacker full control over the affected WordPress installation and compromising all aspects of the site.", "risk_and_exploitability": "With a CVSS score of 9.8 the weakness is considered critical. The EPSS score is below 1\u202f% and the vulnerability is not listed in CISA KEV, suggesting a very low current exploitation rate. Nevertheless, the attack path is simple: an unauthenticated attacker posts a file to the plugin\u2019s upload endpoint, and if the server executes the file, remote code execution follows. No additional access or configuration is required beyond the upload action."}}}}, "created": "2026-04-20T22:30:19.865818+00:00", "updated": "2026-04-20T22:30:19.865835+00:00", "vendors": []}