11 matches found
EUVD-2025-19288
Malicious code in bioql PyPI...
CVE-2025-3515
CVE-2025-3515 affects the WordPress plugin “Drag and Drop Multiple File Upload for Contact Form 7” (versions ≤ 1.3.8.9). Affected component: inc/dnd-upload-cf7.php (function dnd_upload_cf7_upload). Root cause: insufficient file-type validation enabled by a blacklist bypass, allowing unauthenticat...
CVE-2025-4403
The CVE-2025-4403 entry concerns the WordPress plugin Drag and Drop Multiple File Upload for WooCommerce. Affected versions are all up to and including 1.1.6. The root cause is improper validation in the upload() function, where a user-supplied supported_type string and uploaded filename are acce...
CVE-2025-2328
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'dndremoveuploadedfiles' function in all versions up to, and including, 1.3.8.7. This makes it possible for unauthenticated...
CVE-2025-2485 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated PHP Object Injection via PHAR to Arbitrary File Deletion
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8.7 via deserialization of untrusted input from the 'dnduploadcf7upload' function. This makes it possible for attackers to inject a PHP...
CVE-2025-2328 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated Arbitrary File Deletion
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'dndremoveuploadedfiles' function in all versions up to, and including, 1.3.8.7. This makes it possible for unauthenticated...
CVE-2022-45364
Cross-Site Request Forgery CSRF vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload – Contact Form 7 plugin = 1.3.6.5 versions...
CVE-2022-45364 WordPress Drag and Drop Multiple File Upload – Contact Form 7 Plugin <= 1.3.6.5 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload – Contact Form 7 plugin = 1.3.6.5 versions...
CVE-2023-1282 Drag and Drop Multiple File Upload PRO - Reflected Cross-Site Scripting
The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin before 2.11.1 and Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin before 5.0.6.4 do not sanitise and escape a parameter before outputting it back in the...
CVE-2023-1282
The CVE-2023-1282 entry affects the WordPress plugins “Drag and Drop Multiple File Upload PRO – Contact Form 7 Standard” (before 2.11.1) and “Drag and Drop Multiple File Upload PRO – Contact Form 7 with Remote Storage Integrations” (before 5.0.6.4). Root cause: both plugins do not sanitize/escape...
CVE-2023-1112 Drag and Drop Multiple File Upload Contact Form 7 admin-ajax.php path traversal
A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress. It has been classified as critical. Affected is an unknown function of the file admin-ajax.php. The manipulation of the argument uploadname leads to relative path traversal. It is possible to laun...