Platform: wordpress
Component: extensions-for-cf7
Fixed in: 3.2.9
CVE-2025-7645 is an arbitrary file deletion vulnerability affecting the Extensions For CF7 plugin for WordPress. This flaw allows unauthenticated attackers to delete files on the server, potentially leading to remote code execution. The vulnerability impacts versions 0.0.0 through 3.2.8 of the plugin and is addressed in version 3.2.9.
The primary impact of CVE-2025-7645 is the potential for remote code execution (RCE). An attacker can exploit this vulnerability by crafting a malicious request to delete critical files, such as wp-config.php. Successful deletion of wp-config.php would grant the attacker complete control over the WordPress installation, allowing them to modify content, install malware, or compromise the entire system. The lack of authentication required for exploitation significantly broadens the attack surface, making it accessible to a wide range of attackers. This vulnerability shares similarities with other file deletion vulnerabilities where the deletion of core configuration files can lead to full system compromise.
CVE-2025-7645 was publicly disclosed on 2025-07-22. There is currently no indication of active exploitation campaigns targeting this vulnerability. The vulnerability is not listed on the CISA KEV catalog as of this writing. Public proof-of-concept (PoC) code is likely to emerge given the ease of exploitation and the potential for RCE.
Exploit Status
EPSS: 0.55% (68th percentile)
The primary mitigation for CVE-2025-7645 is to immediately upgrade the Extensions For CF7 plugin to version 3.2.9 or later. If upgrading is not immediately possible due to compatibility issues or breaking changes, consider restricting file access permissions on the WordPress server to limit the potential damage from a successful exploit. Implement a Web Application Firewall (WAF) with rules to block suspicious file deletion requests targeting the plugin's endpoints. Regularly review WordPress plugin installations and remove any unused or outdated plugins to reduce the attack surface. After upgrading, verify the fix by attempting to delete a test file through the plugin's interface and confirming that the deletion fails.
Update the Extensions For CF7 plugin to version 3.2.9 or later to fix the arbitrary file deletion vulnerability. The update corrects the missing validation of the file path, preventing unauthenticated attackers from deleting sensitive files on the server.
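The fix described above comes down to two controls: an authorisation check on the request and path validation that confines deletion to the uploads directory. The following is an added illustration of both in WordPress PHP; it is not code from the Extensions For CF7 plugin, and the `example_` function names, the `example_delete_file` nonce action and the AJAX hook are hypothetical. A request for `../wp-config.php` fails the containment check because the resolved path lies outside `wp-content/uploads`.

```php
<?php
// Added example, not the plugin's code. Hardened delete handler for a
// WordPress plugin: authenticated, nonce-protected, and limited to files
// that resolve inside the uploads directory. Names prefixed example_ are
// hypothetical; wp_upload_dir(), path_is_absolute(), check_ajax_referer(),
// current_user_can(), wp_unslash() and wp_send_json_* are real WP APIs.

/**
 * Delete one file under wp-content/uploads, refusing anything outside it.
 * Returns true on success and false, with no side effects, on any violation.
 */
function example_safe_delete_upload( string $requested ): bool {
    $upload = wp_upload_dir();                 // ['basedir' => '/path/to/wp-content/uploads', ...]
    $base   = realpath( $upload['basedir'] );
    if ( $base === false ) {
        return false;
    }

    // Reject NUL bytes and absolute paths before touching the filesystem.
    if ( strpos( $requested, "\0" ) !== false || path_is_absolute( $requested ) ) {
        return false;
    }

    // realpath() resolves '..' and symlinks; false means the target does not exist.
    $target = realpath( $base . DIRECTORY_SEPARATOR . $requested );
    if ( $target === false || ! is_file( $target ) ) {
        return false;
    }

    // Containment check: the resolved path must be strictly inside $base.
    // The trailing separator stops ".../uploads2" from matching ".../uploads".
    if ( strpos( $target, $base . DIRECTORY_SEPARATOR ) !== 0 ) {
        return false;
    }

    return unlink( $target );
}

/** AJAX handler: nonce and capability checks first, then the confined delete. */
function example_handle_delete_request(): void {
    check_ajax_referer( 'example_delete_file' );      // dies on a missing or bad nonce
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $name = isset( $_POST['file'] ) ? (string) wp_unslash( $_POST['file'] ) : '';
    if ( ! example_safe_delete_upload( $name ) ) {
        wp_send_json_error( 'refused', 400 );
    }
    wp_send_json_success();
}
// Registered only for logged-in users; no wp_ajax_nopriv_ hook is added.
add_action( 'wp_ajax_example_delete_file', 'example_handle_delete_request' );
```

Deliberately omitting the `wp_ajax_nopriv_` registration is what keeps the endpoint unreachable by unauthenticated requests, which is the condition the advisory says the vulnerable versions lacked.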
CVE-2025-7645 is a vulnerability in the Extensions For CF7 WordPress plugin allowing unauthenticated attackers to delete files, potentially leading to remote code execution.
You are affected if you are using Extensions For CF7 versions 0.0.0 through 3.2.8 on your WordPress website.
Upgrade the Extensions For CF7 plugin to version 3.2.9 or later to resolve the vulnerability.
There is currently no indication of active exploitation campaigns, but public PoCs are likely to emerge.
Refer to the plugin developer's website or WordPress plugin repository for the official advisory.