2 matches found
CVE-2025-8141
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteassociatedfiles function in all versions up to, and including, 3.2.4. This makes it possible for unauthenticated attackers to delete arbitrary fil...
CVE-2025-8289
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the deleteassociatedfiles function. This makes it possible for unauthenticated attackers to inject a PHP Object. This...