WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin <= 1.3.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Bao Luu Gia Nguyen in WordPress Plugin Drag and Drop Multiple File Upload – Contact Form 7 versions = 1.3.9.7...

WordPress Drag and Drop Multiple File Upload – Contact Form 7 plugin <= 1.3.9.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by fayespiegel in WordPress Plugin Drag and Drop Multiple File Upload – Contact Form 7 versions = 1.3.9.7...

Astra Linux – Vulnerability in Python-Django

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload was never supported by forms.FileField or forms.ImageField only the last uploaded file was validated. However, Django’...

WordPress plugin Drag and Drop Multiple File Upload - Contact Form 7 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2021-47783 Phpwcms 1.9.30 - Arbitrary File Upload

Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform...

WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin <= 1.3.9.2 - Missing Authorization to Unauthenticated File Deletion vulnerability

Missing Authorization to Unauthenticated File Deletion vulnerability discovered by shark3y in WordPress Plugin Drag and Drop Multiple File Upload – Contact Form 7 versions = 1.3.9.2...

PT-2026-3156

Name of the Vulnerable Software and Affected Versions Phpwcms version 1.9.30 Description The software contains a file upload issue that permits authenticated attackers to upload malicious SVG files containing JavaScript. Attackers can leverage the multiple file upload functionality to upload...

CVE-2022-0595

The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dndcodedropzupload AJAX action, which could lead to Stored Cross-Site Scripting issue...

WordPress plugin Drag and Drop Multiple File Upload – Contact Form 7 代码问题漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...

EUVD-2025-19288

Malicious code in bioql PyPI...

EUVD-2025-13374

Malicious code in bioql PyPI...

Exploit for Unrestricted Upload of File with Dangerous Type in Codedropz Drag_And_Drop_Multiple_File_Upload_-_Contact_Form_7

CVE-2025-3515 WordPress Lab Drag and Drop Multiple File Uploa...

WordPress plugin Drag and Drop Multiple File Upload 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Drag and Drop...

CVE-2025-3515

CVE-2025-3515 affects the WordPress plugin “Drag and Drop Multiple File Upload for Contact Form 7” (versions ≤ 1.3.8.9). Affected component: inc/dnd-upload-cf7.php (function dnd_upload_cf7_upload). Root cause: insufficient file-type validation enabled by a blacklist bypass, allowing unauthenticat...

VulnCheck KEV: CVE-2025-2748

The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178...

CVE-2022-45364

Cross-Site Request Forgery CSRF vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload – Contact Form 7 plugin = 1.3.6.5 versions...

CVE-2025-4403

The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.1.6 due to accepting a user‐supplied supportedtype string and the uploaded filename without enforcing real extension or MIME checks within th...

CVE-2025-4403

The CVE-2025-4403 entry concerns the WordPress plugin Drag and Drop Multiple File Upload for WooCommerce. Affected versions are all up to and including 1.1.6. The root cause is improper validation in the upload() function, where a user-supplied supported_type string and uploaded filename are acce...

WordPress plugin Drag and Drop Multiple File Upload for WooCommerce 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists ...

OutSystems Multiple File Upload 安全漏洞

OutSystems Multiple File Upload is a native multiple file upload component for the OutSystems platform from OutSystems, Inc. A security vulnerability exists in OutSystems Multiple File Upload versions prior to 3.1.0 that stems from insufficient client-side authentication could result in the uploa...