{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T07:48:20.098","vulnerabilities":[{"cve":{"id":"CVE-2025-8145","sourceIdentifier":"security@wordfence.com","published":"2025-08-20T03:15:35.857","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the get_lead_fields function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain in a Contact Form 7 plugin allows attackers to delete arbitrary files. Additionally, in certain server configurations, Remote Code Execution is possible"},{"lang":"es","value":"El complemento Redirection for Contact Form 7 para WordPress es vulnerable a la inyección de objetos PHP en todas las versiones hasta la 3.2.4 incluida, mediante la deserialización de entradas no confiables en la función get_lead_fields. Esto permite que atacantes no autenticados inyecten un objeto PHP. La presencia adicional de una cadena POP en un complemento de Contact Form 7 permite a los atacantes eliminar archivos arbitrarios. Además, en ciertas configuraciones de servidor, es posible la ejecución remota de código."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wpcf7-redirect/tags/3.2.3/classes/class-wpcf7r-lead.php#L144","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2cb275d5-ec4b-419f-84e1-84172d381411?source=cve","source":"security@wordfence.com"}]}}]}