Unrestricted File Upload Vulnerability in RedefiningTheWeb's Contact Form 7 PDF Plugin for WordPress
CVE-2025-64231

Currently unrated

Key Information:

Vendor: WordPress
Status: WordPress Contact Form 7 PDF, Google Sheet & Database
Vendor: CVE Published:; 18 December 2025

What is CVE-2025-64231?

The RedefiningTheWeb Contact Form 7 PDF, Google Sheet & Database plugin exposes a critical vulnerability that allows attackers to upload malicious files. This flaw affects versions up to and including 3.0.0. By exploiting this weakness, an unauthorized user may execute arbitrary code on the web server, potentially compromising the security of the entire site. It is essential for website administrators to update to a secure version promptly and implement robust file validation measures to mitigate the risk of such attacks.

Affected Version(s)

WordPress Contact Form 7 PDF, Google Sheet & Database <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/rtww...

vdb-entry

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2025
Vulnerability Reserved
Oct 29, 2025

Credit

0xd4rk5id3 | Patchstack Bug Bounty Program

JSON