Description
The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the temp_file_upload function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Product(s):
- HasThemes Download Contact Form 7 Widget for Elementor Page Builder & Gutenberg Blocks for WordPress
- HasThemes Download Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks for WordPress
- HasThemes Download Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks 1.0.3 for WordPress
- HasThemes Download Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks 1.0.4 for WordPress
- HasThemes Download Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks 1.0.5 for WordPress
- HasThemes Download Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks 1.0.6 for WordPress
- HasThemes Download Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks 1.0.7 for WordPress
- HasThemes Download Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks 1.0.8 for WordPress
- HasThemes Download Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks 1.0.9 for WordPress
- HasThemes Download Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks 1.1.0 for WordPress
- HasThemes Download Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks 1.1.1 for WordPress
- HasThemes Download Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks 1.1.2 for WordPress
- HasThemes Download Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks 1.1.3 for WordPress
- HasThemes Download Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks 1.1.4 for WordPress
- HasThemes Download Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks 1.1.5 for WordPress
- HasThemes Download Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks 1.1.6 for WordPress
- HasThemes Download Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks 1.1.7 for WordPress
- HasThemes Download Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks 1.1.9 for WordPress
- HasThemes Download Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks 1.2.0 for WordPress
- HasThemes Download Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks 1.2.1 for WordPress
- HasThemes Download Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks 1.2.2 for WordPress
- HasThemes Download Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks 2.0.0 for WordPress
- HasThemes Download Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks 2.1.0 for WordPress
- HasThemes Download Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks 2.2.0 for WordPress
- HasThemes Download Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks 2.2.1 for WordPress
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2025-7340, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2025-7340 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.