CVE-2025-7360 – Elementor Page Builder & Gutenberg Blocks & Form Builder HT Contact Form Widget File Moving Vulnerability

July 15, 2025

CVE ID : CVE-2025-7360

Published : July 15, 2025, 5:15 a.m. | 10 hours, 29 minutes ago

Description : The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation in the handle_files_upload() function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php).

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3621 – ProTNS ActADUR Remote Code Inclusion and Command Injection

Next Article CVE-2025-7341 – Elementor Page Builder & Gutenberg Blocks & Form Builder File Deletion Vulnerability

Akka introduces platform for distributed agentic AI

Design Patterns For AI Interfaces

Amazon launches spec-driven AI IDE, Kiro

This week in AI dev tools: Gemini API Batch Mode, Amazon SageMaker AI updates, and more (July 11, 2025)

AI-powered malware eludes Microsoft Defender’s security checks 8% of the time — with just 3 months of training and “reinforcement learning” for around $1,600

7 games that are perfect for handheld gaming PCs — with my favorite Steam Deck, ROG Ally, and Legion Go titles

Windows 11 Firewall with Advanced Security flags up errors in “under development” code — but it’s nothing to worry about

Metal Gear Solid Delta: Snake Eater — How to pre-order, release dates, story, gameplay, and everything else you need to know

The details of TC39’s last meeting

The details of TC39’s last meeting

Revolutionize Your IoT Management with Total.js IoT Platform: Simplify, Monitor, and Optimize

Creating a Brand Kit in Stream: Why It Matters and How It helps Organizations

AI-powered malware eludes Microsoft Defender’s security checks 8% of the time — with just 3 months of training and “reinforcement learning” for around $1,600

AI-powered malware eludes Microsoft Defender’s security checks 8% of the time — with just 3 months of training and “reinforcement learning” for around $1,600

7 games that are perfect for handheld gaming PCs — with my favorite Steam Deck, ROG Ally, and Legion Go titles

Windows 11 Firewall with Advanced Security flags up errors in “under development” code — but it’s nothing to worry about

CVE-2025-7360 – Elementor Page Builder & Gutenberg Blocks & Form Builder HT Contact Form Widget File Moving Vulnerability

CVE-2025-5393 – WordPress Alone Charity Multipurpose Non-profit Theme Arbitrary File Deletion Vulnerability

CVE-2025-5394 – Alone – Charity Multipurpose Non-profit WordPress Theme Unauthenticated Arbitrary File Upload Vulnerability

CVE-2025-48908 – “Ability Auto Startup Service Vulnerability in Foundation Process”

CVE-2025-52377 – Nexxt Solutions NCM-X1800 Mesh Router Command Injection Vulnerability

Skywings Marketing – Best SEO Company in Ghaziabad for Proven Digital Growth

Deploying a Scalable Next.js App on Vercel – A Step-by-Step Guide

Best Chrome Extensions for Web Designers (2025 Toolkit)

iRasptek Raspberry Pi 5 8GB Starter Kit Review

CVE-2025-5374 – PHPGurukul Online Birth Certificate System SQL Injection Vulnerability

Intehill 13.4″ 4K+ Touchscreen Portable Monitor U13ZT Review

CVE-2025-7360 – Elementor Page Builder & Gutenberg Blocks & Form Builder HT Contact Form Widget File Moving Vulnerability

Related Posts