{"id":59536,"date":"2025-07-21T10:21:05","date_gmt":"2025-07-21T10:21:05","guid":{"rendered":""},"modified":"2025-09-04T12:13:46","modified_gmt":"2025-09-04T18:13:46","slug":"cve-2025-7341-arbitrary-file-deletion-vulnerability-in-ht-contact-form-widget-for-wordpress","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-7341-arbitrary-file-deletion-vulnerability-in-ht-contact-form-widget-for-wordpress\/","title":{"rendered":"CVE-2025-7341: Arbitrary File Deletion Vulnerability in HT Contact Form Widget For WordPress<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The world of cybersecurity is in a continuous state of alert as the CVE-2025-7341 vulnerability surfaces, posing a potential risk to a large number of websites. This vulnerability affects the HT Contact Form Widget plugin for WordPress, one of the most widely used content management systems (CMS) globally. As this plugin is popular among WordPress<\/a> users for creating contact forms, the impact of this vulnerability is significant. It allows unauthenticated attackers to delete arbitrary files<\/a> from the server, leading to potential system compromise or data leakage.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-7341
\nSeverity: Critical (9.1 CVSS Score)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: Arbitrary file deletion can lead to remote<\/a> code execution, potentially compromising the system or leading to data leakage.<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n