Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. 2.2.1

  • Severity: critical
  • Status: Fixed
  • Publication: July 14, 2025

A plugin for WordPress called HT Contact Form Widget has a security issue where it doesn’t properly check the location of files being moved. This means that anyone can move files on the server, even if they are not logged in. This can be very dangerous because it could allow someone to run code on your website.

Detected in:

HT Contact Form – Drag & Drop Form Builder for WordPress fixed vulnerable versions:
HT Contact Form – Easy Form Builder for WordPress fixed vulnerable versions:
HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.