15 matches found
EUVD-2025-8553
Malicious code in bioql PyPI...
CVE-2025-2485
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8.7 via deserialization of untrusted input from the 'dnduploadcf7upload' function. This makes it possible for attackers to inject a PHP...
CVE-2025-2328
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'dndremoveuploadedfiles' function in all versions up to, and including, 1.3.8.7. This makes it possible for unauthenticated...
CVE-2025-2328
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'dndremoveuploadedfiles' function in all versions up to, and including, 1.3.8.7. This makes it possible for unauthenticated...
CVE-2025-2328
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'dndremoveuploadedfiles' function in all versions up to, and including, 1.3.8.7. This makes it possible for unauthenticated...
CVE-2025-2485
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8.7 via deserialization of untrusted input from the 'dnduploadcf7upload' function. This makes it possible for attackers to inject a PHP...
CVE-2025-2485
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8.7 via deserialization of untrusted input from the 'dnduploadcf7upload' function. This makes it possible for attackers to inject a PHP...
CVE-2025-2485 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated PHP Object Injection via PHAR to Arbitrary File Deletion
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8.7 via deserialization of untrusted input from the 'dnduploadcf7upload' function. This makes it possible for attackers to inject a PHP...
CVE-2025-2485
CVE-2025-2485 affects WordPress plugin Drag and Drop Multiple File Upload for Contact Form 7 (versions
CVE-2025-2485 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated PHP Object Injection via PHAR to Arbitrary File Deletion
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8.7 via deserialization of untrusted input from the 'dnduploadcf7upload' function. This makes it possible for attackers to inject a PHP...
CVE-2025-2328
Technical details for CVE-2025-2328 are not provided in the connected documents. Monitor for official updates on affected products, root cause, impact, and remediation.
PT-2025-13444 · WordPress · Flamingo +2
Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress versions up to, and including, 1.3.8.7 Description: The issue allows for PHP Object Injection via deserialization of untrusted input from the dnd upload cf7 upload...
PT-2025-13443 · WordPress · Drag/Drop Multiple File Upload – Contact Form 7 +2
Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress versions up to, and including, 1.3.8.7 Description: The issue is related to insufficient file path validation in the dnd remove uploaded files function, allowing...
Advanced Flamingo <= 1.0 - Cross-Site Request Forgery
Description The Advanced Flamingo plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request...
WordPress Advanced Flamingo Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Advanced Flamingo Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-52226 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c7da797f1ed4 Credits Huynh Tien Si Require...