Unrestricted File Upload Vulnerability in RedefiningTheWeb's Contact Form 7 PDF Plugin for WordPress
CVE-2025-64231

9.8CRITICAL

Key Information:

Vendor

WordPress
Status
WordPress Contact Form 7 PDF, Google Sheet & Database
Vendor
CVE Published:
18 December 2025

What is CVE-2025-64231?

The RedefiningTheWeb Contact Form 7 PDF, Google Sheet & Database plugin exposes a critical vulnerability that allows attackers to upload malicious files. This flaw affects versions up to and including 3.0.0. By exploiting this weakness, an unauthorized user may execute arbitrary code on the web server, potentially compromising the security of the entire site. It is essential for website administrators to update to a secure version promptly and implement robust file validation measures to mitigate the risk of such attacks.

Affected Version(s)

WordPress Contact Form 7 PDF, Google Sheet & Database <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/rtww...
vdb-entry

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

0xd4rk5id3 | Patchstack Bug Bounty Program
JSON
.
CVE-2025-64231 : Unrestricted File Upload Vulnerability in RedefiningTheWeb's Contact Form 7 PDF Plugin for WordPress