Home

Description

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_file_to_upload' function in all versions up to, and including, 3.2.7. This makes it possible for unauthenticated attackers to copy arbitrary files on the affected site's server. If 'allow_url_fopen' is set to 'On', it is possible to upload a remote file to the server.

PUBLISHED Reserved 2025-12-16 | Published 2025-12-21 | Updated 2025-12-21 | Assigner Wordfence




HIGH: 8.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

Default status
unaffected

* (semver)
affected

Timeline

2025-12-16:Vendor Notified
2025-12-20:Disclosed

Credits

LionTree finder

References

www.wordfence.com/...-a364-4644-94fb-d42eb6cc4d9a?source=cve

plugins.trac.wordpress.org/changeset/3423970/wpcf7-redirect

plugins.trac.wordpress.org/...es/class-wpcf7r-save-files.php

cve.org (CVE-2025-14800)

nvd.nist.gov (CVE-2025-14800)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.