CVE-2025-8464 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.0 - Directory Traversal via `wpcf7_guest_user_id` Cookie

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.3.9.0 via the wpcf7guestuserid cookie. This makes it possible for unauthenticated attackers to upload and delete files outside of the...

WordPress plugin Drag and Drop Multiple File Upload for Contact Form 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exis...

PT-2025-33542 · WordPress · Drag/Drop Multiple File Upload – Contact Form 7

Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress versions through 1.3.9.0 Description: The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Directory Traversal via the wpcf7...

PT-2024-22799 · Phpmyfaq · Phpmyfaq

Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 3.2.6 Description: There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This issue can be exploited by remote...

CVE-2022-1518

LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure...

CVE-2022-1518

LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure...

Directory traversal

LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure...

CVE-2022-27906

Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To access the vulnerable code path, the attacker has to know one of the configured Odette IDs of the OFTP2 server. An attacker can upload files to the server outside of the intended upload directory...

CVE-2022-27906

Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To access the vulnerable code path, the attacker has to know one of the configured Odette IDs of the OFTP2 server. An attacker can upload files to the server outside of the intended upload directory...

Mendelson OFTP2 路径遍历漏洞

Mendelson OFTP2 is an intelligent OFTP2 software for secure data transfer from Mendelson, Germany. A security vulnerability exists in Mendelson OFTP2 that stems from the fact that an attacker can upload files to a server outside of the intended upload directory...