3 matches found
CVE-2025-8464
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.3.9.0 via the wpcf7guestuserid cookie. This makes it possible for unauthenticated attackers to upload and delete files outside of the...
CVE-2025-8464
CVE-2025-8464 affects the WordPress plugin Drag and Drop Multiple File Upload for Contact Form 7, vulnerable to Directory Traversal through the wpcf7_guest_user_id cookie in all versions up to 1.3.9.0. This could allow unauthenticated attackers to upload and delete files outside the intended dire...
PT-2025-33542 · WordPress · Drag/Drop Multiple File Upload – Contact Form 7
Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress versions through 1.3.9.0 Description: The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Directory Traversal via the wpcf7...