5 matches found
CVE-2022-3282
The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. As a result, attackers could control the file length limit and bypass the limit set by admins in t...
CVE-2022-3282
The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. As a result, attackers could control the file length limit and bypass the limit set by admins in t...
CVE-2022-3282 Drag and Drop Multiple File Upload < 1.3.6.5 - File Upload Size Limit Bypass
The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. As a result, attackers could control the file length limit and bypass the limit set by admins in t...
CVE-2022-3282 Drag and Drop Multiple File Upload < 1.3.6.5 - File Upload Size Limit Bypass
The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. As a result, attackers could control the file length limit and bypass the limit set by admins in t...
CVE-2022-3282
The CVE-2022-3282 issue affects the WordPress Drag and Drop Multiple File Upload plugin (versions prior to 1.3.6.5). The underlying flaw is a failure to validate the upload size limit, as the plugin reads the limit from user input at submission time, allowing attackers to bypass the admin-imposed...