3 matches found
CVE-2025-2485
creationtimestamp| type| source ---|---|--- 2025-03-28 07:27:25+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/9278 2025-03-28 09:00:46+00:00| seen| Telegram/XIfoapzkwNJsJw4RxZTHMHcfx4In8sLhGpiMBa3HdRB-zbs 2025-03-28 09:22:59+00:00| seen| https://t.me/cvedetector/21377...
CVE-2025-2485 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated PHP Object Injection via PHAR to Arbitrary File Deletion
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8.7 via deserialization of untrusted input from the 'dnduploadcf7upload' function. This makes it possible for attackers to inject a PHP...
CVE-2025-2485 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated PHP Object Injection via PHAR to Arbitrary File Deletion
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8.7 via deserialization of untrusted input from the 'dnduploadcf7upload' function. This makes it possible for attackers to inject a PHP...