PT-2025-52586 · WordPress · Redirection For Contact Form 7
Liontree · Published 2025-12-21 · Updated 2025-12-26
CVE-2025-14800
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Contact Form 7 Redirection plugin for WordPress versions up to and including 3.2.7
Description
The plugin is susceptible to arbitrary file uploads because of a lack of file type validation within the move_file_to_upload function. This allows unauthenticated attackers to copy arbitrary files on the server of the affected site. If the PHP configuration setting allow_url_fopen is enabled, attackers can upload remote files to the server.
Recommendations
Update to a version beyond 3.2.7.
Fix
Unrestricted File Upload
Affected Products
Redirection For Contact Form 7