Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveWPScanCVE-2023-1282
HistoryApr 17, 2023 - 1:15 p.m.

CVE-2023-1282

2023-04-1713:15:38
WPScan
web.nvd.nist.gov
37
cve-2023-1282
drag and drop multiple file upload pro
contact form 7
wordpress plugin
remote storage integrations
cross-site scripting
security vulnerability

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

45.6%

JSON

The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin before 2.11.1 and Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin before 5.0.6.4 do not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins.

Affected configurations

Nvd
Vulners
Node
codedropzdrag_and_drop_multiple_file_upload_-_contact_form_7Range<2.11.1standardwordpress
OR
codedropzdrag_and_drop_multiple_file_upload_-_contact_form_7Range<5.0.6.4prowordpress
VendorProductVersionCPE
codedropzdrag_and_drop_multiple_file_upload_-_contact_form_7*cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_-_contact_form_7:*:*:*:*:standard:wordpress:*:*
codedropzdrag_and_drop_multiple_file_upload_-_contact_form_7*cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_-_contact_form_7:*:*:*:*:pro:wordpress:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "2.0.0",
        "lessThan": "2.11.1"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "5.0.0.0",
        "lessThan": "5.0.6.4"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Related

prion 1
cvelist 1
wpexploit 2
wpvulndb 2
nvd 1
prion
prion
Cross site scripting
2023-04-17 13:15:00
cvelist
cvelist
CVE-2023-1282 Drag and Drop Multiple File Upload PRO - Reflected Cross-Site Scripting
2023-04-17 12:17:42
wpexploit
wpexploit
Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard < 2.11.1 - Reflected Cross-Site Scripting
2023-03-21 00:00:00
Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations < 5.0.6.4 - Reflected Cross-Site Scripting
2023-03-21 00:00:00
wpvulndb
wpvulndb
Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard < 2.11.1 - Reflected Cross-Site Scripting
2023-03-21 00:00:00
Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations < 5.0.6.4 - Reflected Cross-Site Scripting
2023-03-21 00:00:00
nvd
nvd
CVE-2023-1282
2023-04-17 13:15:38

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

45.6%

JSON
Related for CVE-2023-1282
prion1cvelist1wpexploit2wpvulndb2nvd1