Contact Form 7 Widget For Elementor Page Builder And Gutenberg Blocks

Source repositories

https://plugins.svn.wordpress.org/ht-contactform

CVEs (4)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-7340	WordPress Contact Form 7 Widget For Elementor Page Builder And Gutenberg Blocks	Cri	0.57	9.8	0.02	Jul 15, 2025	The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the temp_file_upload() function in all versions up to, and including, 2.2.1. This makes it…
CVE-2025-7360	WordPress Contact Form 7 Widget For Elementor Page Builder And Gutenberg Blocks	Cri	0.52	9.1	0.03	Jul 15, 2025	The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation in the handle_files_upload() function in all versions up to, and including, 2.2.1. This…
CVE-2025-7341	WordPress Contact Form 7 Widget For Elementor Page Builder And Gutenberg Blocks	Cri	0.52	9.1	0.02	Jul 15, 2025	The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the temp_file_delete() function in all versions up to, and including, 2.2.1. This…
CVE-2023-0484	WordPress Contact Form 7 Widget For Elementor Page Builder And Gutenberg Blocks		0.00	—	0.00	Mar 27, 2023	The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack

CVE-2025-7340CriJul 15, 2025
WordPress
Contact Form 7 Widget For Elementor Page Builder And Gutenberg Blocks
risk 0.57cvss 9.8epss 0.02
The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the temp_file_upload() function in all versions up to, and including, 2.2.1. This makes it…
CVE-2025-7360CriJul 15, 2025
WordPress
Contact Form 7 Widget For Elementor Page Builder And Gutenberg Blocks
risk 0.52cvss 9.1epss 0.03
The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation in the handle_files_upload() function in all versions up to, and including, 2.2.1. This…
CVE-2025-7341CriJul 15, 2025
WordPress
Contact Form 7 Widget For Elementor Page Builder And Gutenberg Blocks
risk 0.52cvss 9.1epss 0.02
The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the temp_file_delete() function in all versions up to, and including, 2.2.1. This…
CVE-2023-0484Mar 27, 2023
WordPress
Contact Form 7 Widget For Elementor Page Builder And Gutenberg Blocks
risk 0.00cvss —epss 0.00
The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack