Extensions For Cf7 (Contact Form 7 Database, Conditional Fields And Redirection)
Approved changes feed: RSS · Atom
cpe:2.3:a:htplugins:extensions_for_cf7_(contact_form_7_database,_conditional_fields_and_redirection):*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Htplugins (40f27a31-3999-57f1-b8a0-8bc6fd59159e) |
|---|---|
| Product | Extensions For Cf7 (Contact Form 7 Database, Conditional Fields And Redirection) (6986b697-4fb1-5069-9c4f-a7fa01da566f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-7645 |
vulnerable | 2026-06-08 07:45:17.855811 |
Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) <= 3.2.8 - Unauthenticated Arbitrary File Deletion Triggered via Admin Form Submission Deletion
HIGH (8.1)
The Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete-file' field in all versions up to, and including, 3.2.8. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, when an administrator deletes the submission, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Published: 2025-07-22T06:38:50.000Z
Updated: 2026-04-08T17:05:26.662Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.