4 matches found
CVE-2025-7645
The Extensions For CF7 Contact form 7 Database, Conditional Fields and Redirection plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete-file' field in all versions up to, and including, 3.2.8. This makes it possible for...
CVE-2025-7645 Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) <= 3.2.8 - Unauthenticated Arbitrary File Deletion Triggered via Admin Form Submission Deletion
The Extensions For CF7 Contact form 7 Database, Conditional Fields and Redirection plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete-file' field in all versions up to, and including, 3.2.8. This makes it possible for...
CVE-2025-7645
The CVE-2025-7645 issue affects the WordPress plugin Extensions For CF7 (Extensions For CF7: Contact Form 7 Database, Conditional Fields and Redirection). The root cause is insufficient file path validation in the delete-file field, allowing unauthenticated attackers to delete arbitrary files on ...
WordPress Extensions For CF7 plugin <= 3.2.8 - Unauthenticated Arbitrary File Deletion Triggered via Admin Form Submission Deletion vulnerability
Unauthenticated Arbitrary File Deletion Triggered via Admin Form Submission Deletion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Extensions For CF7 versions = 3.2.8...