2 matches found
CVE-2022-0595
The CVE-2022-0595 entry concerns the WordPress Drag and Drop Multiple File Upload plugin (Contact Form 7 integration) with versions before 1.3.6.3. The vulnerability is an unauthenticated stored XSS flaw: the dnd_codedropz_upload AJAX action permits SVG uploads, enabling injection of malicious sc...
CVE-2022-0595 Drag and Drop Multiple File Upload - Contact Form 7 < 1.3.6.3 - Unauthenticated Stored XSS
The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dndcodedropzupload AJAX action, which could lead to Stored Cross-Site Scripting issue...