Lucene search
K

11 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-19288

Malicious code in bioql PyPI...

10CVSS6.6AI score0.00348EPSS
Exploits0References1
CVE
CVE
added 2025/06/17 9:21 a.m.215 views

CVE-2025-3515

CVE-2025-3515 affects the WordPress plugin “Drag and Drop Multiple File Upload for Contact Form 7” (versions ≤ 1.3.8.9). Affected component: inc/dnd-upload-cf7.php (function dnd_upload_cf7_upload). Root cause: insufficient file-type validation enabled by a blacklist bypass, allowing unauthenticat...

9.8CVSS8.6AI score0.0509EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2025/05/09 8:24 a.m.87 views

CVE-2025-4403

The CVE-2025-4403 entry concerns the WordPress plugin Drag and Drop Multiple File Upload for WooCommerce. Affected versions are all up to and including 1.1.6. The root cause is improper validation in the upload() function, where a user-supplied supported_type string and uploaded filename are acce...

9.8CVSS9.8AI score0.0182EPSS
Exploits3References5
NVD
NVD
added 2025/03/28 7:15 a.m.13 views

CVE-2025-2328

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'dndremoveuploadedfiles' function in all versions up to, and including, 1.3.8.7. This makes it possible for unauthenticated...

8.8CVSS0.01002EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/28 6:51 a.m.15 views

CVE-2025-2485 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated PHP Object Injection via PHAR to Arbitrary File Deletion

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8.7 via deserialization of untrusted input from the 'dnduploadcf7upload' function. This makes it possible for attackers to inject a PHP...

7.5CVSS0.00538EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/03/28 6:51 a.m.12 views

CVE-2025-2328 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated Arbitrary File Deletion

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'dndremoveuploadedfiles' function in all versions up to, and including, 1.3.8.7. This makes it possible for unauthenticated...

8.8CVSS0.01002EPSS
Exploits0References3
OSV
OSV
added 2023/05/24 4:15 p.m.7 views

CVE-2022-45364

Cross-Site Request Forgery CSRF vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload – Contact Form 7 plugin = 1.3.6.5 versions...

8.8CVSS5.8AI score0.00248EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/05/24 3:48 p.m.13 views

CVE-2022-45364 WordPress Drag and Drop Multiple File Upload – Contact Form 7 Plugin <= 1.3.6.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload – Contact Form 7 plugin = 1.3.6.5 versions...

5.4CVSS8.8AI score0.00248EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/04/17 12:17 p.m.6 views

CVE-2023-1282 Drag and Drop Multiple File Upload PRO - Reflected Cross-Site Scripting

The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin before 2.11.1 and Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin before 5.0.6.4 do not sanitise and escape a parameter before outputting it back in the...

6.2AI score0.00542EPSS
Exploits3References2
CVE
CVE
added 2023/04/17 12:17 p.m.71 views

CVE-2023-1282

The CVE-2023-1282 entry affects the WordPress plugins “Drag and Drop Multiple File Upload PRO – Contact Form 7 Standard” (before 2.11.1) and “Drag and Drop Multiple File Upload PRO – Contact Form 7 with Remote Storage Integrations” (before 5.0.6.4). Root cause: both plugins do not sanitize/escape...

6.1CVSS6.1AI score0.00542EPSS
Exploits3References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/01 9:54 a.m.9 views

CVE-2023-1112 Drag and Drop Multiple File Upload Contact Form 7 admin-ajax.php path traversal

A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress. It has been classified as critical. Affected is an unknown function of the file admin-ajax.php. The manipulation of the argument uploadname leads to relative path traversal. It is possible to laun...

5.8CVSS7.2AI score0.03004EPSS
Exploits3References3
Rows per page
Query Builder