10,000 WordPress Sites Affected by Critical Vulnerabilities in HT Contact Form WordPress Plugin

SecurityVendor
Yanac

On June 24th, 2025, we received a submission for an Arbitrary File Upload and an Arbitrary File Deletion vulnerability in HT Contact Form, a WordPress plugin with more than 10,000 active installations. The arbitrary file upload vulnerability can be used by unauthenticated attackers to upload arbitrary files to a vulnerable site and achieve remote code execution, which is typically leveraged for a complete site takeover. The arbitrary file deletion vulnerability can be used by unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can also make a site takeover possible.
The post 10,000 WordPress Sites Affected by Critical Vulnerabilities in HT Contact Form WordPress Plugin appeared first on Wordfence.WordfenceRead More