PT-2025-29538 · WordPress · Ht Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder.
Phat Rio · Published 2025-07-15 · Updated 2025-07-30 · CVE-2025-7360
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. versions up to 2.2.1
Description
The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation in the handle_files_upload() function. This allows unauthenticated attackers to move arbitrary files on the server, potentially leading to remote code execution if critical files, such as wp-config.php, are moved.
Recommendations
Update HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. to a version later than 2.2.1.
Fix
RCE
Path traversal
Affected Products
Ht Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder.