PT-2025-33893 · WordPress · Redirection For Contact Form 7
Phat Rio
·
Published
2025-08-20
·
Updated
2025-08-20
·
CVE-2025-8141
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Redirection for Contact Form 7 versions up to and including 3.2.4
Description:
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the
delete associated files function. This allows unauthenticated attackers to delete arbitrary files on the server, potentially leading to remote code execution when specific files, such as wp-config.php, are deleted.Recommendations:
Update Redirection for Contact Form 7 to a version later than 3.2.4.
Fix
RCE
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Redirection For Contact Form 7