Executive Summary



This vulnerability is currently undergoing analysis and not all information is available. Please check back soon to view the completed vulnerability summary
Informations
Name CVE-2025-7697 First vendor Publication 2025-07-19
Vendor Cve Last vendor Modification 2025-07-19

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score 9.8
Base Score 9.8 Environmental Score 9.8
impact SubScore 5.9 Temporal Score 9.8
Exploitabality Sub Score 3.9
 
Attack Vector Network Attack Complexity Low
Privileges Required None User Interaction None
Scope Unchanged Confidentiality Impact High
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

The Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.1 via deserialization of untrusted input within the verify_field_val() function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain in the Contact Form 7 plugin, which is likely to be used alongside, allows attackers to delete arbitrary files, leading to a denial of service or remote code execution when the wp-config.php file is deleted.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7697

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-502 Deserialization of Untrusted Data

Sources (Detail)

https://plugins.trac.wordpress.org/browser/integration-for-contact-form-7-and...
https://plugins.trac.wordpress.org/changeset/3329005/
https://wordpress.org/plugins/integration-for-contact-form-7-and-google-sheet...
https://www.wordfence.com/threat-intel/vulnerabilities/id/a0146f17-35bd-45cf-...
Source Url

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2025-07-19 13:21:52
  • First insertion