CVE-2025-7340

CRITICAL EXPLOITED

HT Contact Form Widget <= 2.2.1 - Unauthenticated Arbitrary File Upload

Title source: llm

Exploitation Summary

CVE-2025-7340 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including Nxploited, Boshe99, Kai-One001.

AI-analyzed exploit summary (Nxploited repository): The repository contains a functional Python exploit for CVE-2025-7340, an unauthenticated arbitrary file upload vulnerability in the HT Contact Form Widget plugin for WordPress. The exploit automates the extraction of required parameters (nonce, form_id, AJAX endpoint) and uploads a PHP webshell to achieve remote code execution.

Description

The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the temp_file_upload() function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
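Two checks a responder wants after reading that description are whether the installed plugin version falls in the affected range and whether the uploads directory already holds something executable. The following Python helper is an added example, not code from this page or from the plugin's authors; it assumes the plugin's main file uses the standard WordPress "Version:" header and that uploads live under wp-content/uploads, and the plugin header and upload tree it scans are constructed samples. The file scan goes a little beyond the advisory: besides plain .php files it flags double extensions (shell.php.jpg), PHP open tags hidden behind an image magic, and an .htaccess dropped into uploads.

```python
"""Triage helper for CVE-2025-7340 (HT Contact Form Widget <= 2.2.1, CWE-434).
Added example, not from the page or the plugin vendor. Assumes a standard
WordPress plugin header and the default wp-content/uploads layout; the
sample header and upload tree below are constructed for the demo.
"""
import os
import re
import shutil
import tempfile

FIXED_VERSION = (2, 2, 2)  # first non-affected release per the product entry
EXEC_EXTS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar", ".phps"}
# Only real PHP open tags; "<?xml" in SVG/XML uploads must not trigger.
PHP_TAG = re.compile(rb"<\?(php\b|=)", re.IGNORECASE)

# Constructed sample of a plugin main-file header (WordPress header convention).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: HT Contact Form Widget
 * Version: 2.2.1
 */
"""


def parse_version(version_str):
    """'2.2.1' -> (2, 2, 1); tuple comparison gives the right ordering."""
    return tuple(int(part) for part in re.findall(r"\d+", version_str))


def version_from_header(header_text):
    """Pull the Version: value from a WordPress plugin header, or None."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9A-Za-z.\-]*)", header_text, re.MULTILINE)
    return m.group(1) if m else None


def is_vulnerable(version_str):
    """True for every version below the first fixed release (i.e. <= 2.2.1)."""
    return parse_version(version_str) < FIXED_VERSION


def scan_uploads(root):
    """Return sorted (relative_path, reason) for files that should never sit in
    an uploads tree: a PHP-like extension anywhere in the name (catches
    shell.php.jpg), a PHP open tag in the first 4 KiB (catches PHP hidden
    behind an image magic), or an .htaccess that could remap image extensions
    to the PHP handler."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            exts = {"." + part.lower() for part in name.split(".")[1:]}
            if name == ".htaccess":
                reason = "htaccess in uploads (review handler overrides)"
            elif exts & EXEC_EXTS:
                reason = "php extension"
            else:
                with open(path, "rb") as fh:
                    head = fh.read(4096)
                reason = "php tag in content" if PHP_TAG.search(head) else None
            if reason:
                findings.append((rel, reason))
    return sorted(findings)


def build_sample_uploads():
    """Write a constructed uploads tree to a temp dir and return its path."""
    root = tempfile.mkdtemp(prefix="uploads-")
    samples = {
        "2025/07/logo.png": b"\x89PNG\r\n\x1a\n constructed png bytes",
        "2025/07/shell.php": b"<?php /* constructed sample, stands in for a webshell */ ?>",
        "2025/07/avatar.php.jpg": b"\xff\xd8\xff\xe0 constructed, double extension",
        "2025/07/diagram.svg": b'<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg"/>',
        "2025/07/image.jpg": b"\xff\xd8\xff\xe0<?php echo 1; ?>",  # PHP after JPEG magic
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root


def demo():
    """Run the uploads scan over the constructed tree; returns the findings."""
    root = build_sample_uploads()
    try:
        return scan_uploads(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    ver = version_from_header(SAMPLE_HEADER)
    print(f"plugin version {ver}: {'VULNERABLE' if is_vulnerable(ver) else 'not affected'}")
    for rel, why in demo():
        print(f"{rel}: {why}")
```

Point scan_uploads() at a real wp-content/uploads tree on a suspected host; the SVG sample is there to show that XML prologues do not trip the content check, while the image.jpg sample shows why an extension check alone is not enough once an .htaccess or a misconfigured handler is in play.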

Exploits (3)

nomisec WORKING POC 7 stars
by Nxploited · remote
https://github.com/Nxploited/CVE-2025-7340

The repository contains a functional Python exploit for CVE-2025-7340, an unauthenticated arbitrary file upload vulnerability in the HT Contact Form Widget plugin for WordPress. The exploit automates the extraction of required parameters (nonce, form_id, AJAX endpoint) and uploads a PHP webshell to achieve remote code execution.

Classification
Working PoC 95%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder (versions up to and including 2.2.1)
No auth needed
Prerequisites: Target must have the vulnerable HT Contact Form Widget plugin installed and active · The vulnerable form must be present on the page provided to the exploit
devstral-2 · analyzed Feb 18, 2026
github WORKING POC
by Boshe99 · pythonpoc
https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2025-7340

The repository contains functional exploit code for CVE-2025-7340, targeting a WordPress plugin (3DPrint Lite 1.9.1.4) with an arbitrary file upload vulnerability. The Python script demonstrates the ability to upload a malicious file to a vulnerable target. Note that the target named by this automated analysis does not match CVE-2025-7340, which the description and product entries on this page assign to the HT Contact Form Widget plugin (versions up to and including 2.2.1); verify the repository's actual target before relying on this entry.

Classification
Working PoC 95%
Attack Type
RCE
Complexity
Trivial
Reliability
Reliable
Target: WordPress Plugin 3DPrint Lite 1.9.1.4 (as reported by the automated analysis; inconsistent with this CVE's affected product)
No auth needed
Prerequisites: Vulnerable WordPress plugin installed · Network access to the target
devstral-2 · analyzed Feb 27, 2026
nomisec WORKING POC
by Kai-One001 · remote
https://github.com/Kai-One001/WordPress-HT-Contact-CVE-2025-7340-RCE

This repository contains a functional exploit for CVE-2025-7340, a file upload vulnerability in the WordPress HT Contact Form Widget plugin. The exploit automates the process of extracting necessary parameters (nonce, AJAX URL, form ID), uploading a PHP webshell, and providing an interactive shell.

Classification
Working PoC 95%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: WordPress HT Contact Form Widget
No auth needed
Prerequisites: Target running vulnerable WordPress HT Contact Form Widget plugin · Network access to the target
devstral-2 · analyzed Feb 18, 2026
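All three exploit summaries describe the same sequence: an unauthenticated POST to the plugin's AJAX endpoint that uploads a PHP file, followed by a request to that file under the uploads directory. The following Python log-correlation script is an added example, not from this page or from any of the repositories listed; it assumes combined-format (Apache/nginx) access logs, WordPress's shared /wp-admin/admin-ajax.php endpoint and the default wp-content/uploads path, and its log lines are constructed. Because admin-ajax.php is used by many plugins and the POST body is not logged, a hit is a triage lead to confirm on disk, not a signature.

```python
"""Access-log correlation for the upload-then-execute pattern behind CVE-2025-7340.
Added example; not from this page or the listed repositories. Assumes
combined-format logs, WordPress's /wp-admin/admin-ajax.php endpoint and the
wp-content/uploads directory; the sample lines are constructed.
"""
import re
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# A PHP-like file served from the uploads tree, with or without a query string.
UPLOADED_PHP = re.compile(r"/wp-content/uploads/.*\.ph(p\d?|tml|ar)(\?|$)", re.IGNORECASE)

# Constructed sample: one client POSTs to admin-ajax.php and then calls a PHP
# file in uploads; another submits a form and fetches a PDF; a third only probes.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2026:09:14:02 +0000] "GET /contact/ HTTP/1.1" 200 5120
203.0.113.7 - - [10/Feb/2026:09:14:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 88
203.0.113.7 - - [10/Feb/2026:09:14:09 +0000] "GET /wp-content/uploads/2026/02/x.php?cmd=id HTTP/1.1" 200 312
198.51.100.4 - - [10/Feb/2026:09:20:11 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 61
198.51.100.4 - - [10/Feb/2026:09:20:14 +0000] "GET /wp-content/uploads/2026/02/brochure.pdf HTTP/1.1" 200 90012
192.0.2.9 - - [10/Feb/2026:09:31:40 +0000] "GET /wp-content/uploads/2026/02/old.php HTTP/1.1" 404 201
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def correlate(lines, window=timedelta(minutes=10)):
    """Return (ip, path, status) for each request to a PHP file under uploads
    that the same client made within `window` after POSTing to admin-ajax.php.
    Lines are expected in chronological order, as the web server writes them."""
    ajax_posts = {}  # ip -> timestamps of its POSTs to admin-ajax.php
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]
        if rec["method"] == "POST" and path.endswith("/wp-admin/admin-ajax.php"):
            ajax_posts.setdefault(rec["ip"], []).append(rec["ts"])
        elif UPLOADED_PHP.search(rec["path"]):
            recent = ajax_posts.get(rec["ip"], [])
            if any(timedelta(0) <= rec["ts"] - t <= window for t in recent):
                hits.append((rec["ip"], path, rec["status"]))
    return hits


def demo():
    """Correlate the constructed sample; returns the list of hits."""
    return correlate(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for ip, path, status in demo():
        print(f"{ip} fetched {path} (HTTP {status}) shortly after an admin-ajax.php POST")
```

The PDF fetch by the second client and the unmatched 404 probe by the third are deliberately left out of the result; a 404 on a PHP path under uploads is still worth a look on its own, since it often marks a scanner checking whether an earlier upload landed.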

Scores

CVSS v3 9.8
EPSS 0.0197
EPSS Percentile 84.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none (CISA Vulnrichment value at enrichment time; VulnCheck KEV later recorded in-the-wild exploitation, see Exploitation Summary and the VulnCheck KEV date under Details)
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2026-05-04
CWE
CWE-434
Status published
Products (2)
hasthemes/download_contact_form_7_widget_for_elementor_page_builder_&_gutenberg_blocks < 2.2.2
htplugins/HT Contact Form – Drag & Drop Form Builder for WordPress < 2.2.1 (the description above states that 2.2.1 itself is affected, so treat any version up to and including 2.2.1 as vulnerable and update to 2.2.2 or later)
Published Jul 15, 2025
Tracked Since Feb 18, 2026