12 matches found
CVE-2025-3515
CVE-2025-3515 affects the WordPress plugin “Drag and Drop Multiple File Upload for Contact Form 7” (versions ≤ 1.3.8.9). Affected component: inc/dnd-upload-cf7.php (function dnd_upload_cf7_upload). Root cause: insufficient file-type validation enabled by a blacklist bypass, allowing unauthenticat...
CVE-2023-1112
CVE-2023-1112 affects the WordPress plugin Drag and Drop Multiple File Upload for Contact Form 7 (version 5.0.6.1). The vulnerability is in an unknown function within admin-ajax.php where manipulating the parameter upload_name enables relative path traversal. Public exploitation is reported, with...
CVE-2023-5822
CVE-2023-5822 affects the WordPress plugin Drag and Drop Multiple File Upload – Contact Form 7. Vulnerability: arbitrary file upload due to insufficient file type validation in dnd_upload_cf7_upload, enabling unauthenticated attackers to upload arbitrary files if a multiple-file upload form field...
CVE-2022-0595
The CVE-2022-0595 entry concerns the WordPress Drag and Drop Multiple File Upload plugin (Contact Form 7 integration) with versions before 1.3.6.3. The vulnerability is an unauthenticated stored XSS flaw: the dnd_codedropz_upload AJAX action permits SVG uploads, enabling injection of malicious sc...
CVE-2020-12800
CVE-2020-12800 affects the WordPress plugin “Drag and Drop Multi File Upload – Contact Form 7” (prior to 1.3.3.3). The underlying flaw is in the file upload handling, where the allowed_type/filter can be bypassed by using a php% value, enabling uploading a .php% file and enabling remote code exec...
CVE-2025-2328
Technical details for CVE-2025-2328 are not provided in the connected documents. Monitor for official updates on affected products, root cause, impact, and remediation.
CVE-2024-3717
CVE-2024-3717 affects the Drag and Drop Multiple File Upload – Contact Form 7 WordPress plugin, exposing sensitive uploaded form data via the /wp-content/uploads/wp_dndcf7_uploads/wpcf7-files directory. Publicly accessible data exposure applies to all versions up to 1.3.7.7. The Wordfence vulnera...
CVE-2025-2485
CVE-2025-2485 affects WordPress plugin Drag and Drop Multiple File Upload for Contact Form 7 (versions
CVE-2022-3282
The CVE-2022-3282 issue affects the WordPress Drag and Drop Multiple File Upload plugin (versions prior to 1.3.6.5). The underlying flaw is a failure to validate the upload size limit, as the plugin reads the limit from user input at submission time, allowing attackers to bypass the admin-imposed...
CVE-2023-1282
The CVE-2023-1282 entry affects the WordPress plugins “Drag and Drop Multiple File Upload PRO – Contact Form 7 Standard” (before 2.11.1) and “Drag and Drop Multiple File Upload PRO – Contact Form 7 with Remote Storage Integrations” (before 5.0.6.4). Root cause: both plugins do not sanitize/escape...
CVE-2022-45364
CVE-2022-45364 is a CSRF vulnerability in the WordPress plugin Glen Don L. Mongaya Drag and Drop Multiple File Upload – Contact Form 7, affected versions
CVE-2024-12267
CVE-2024-12267 affects the WordPress plugin “Drag and Drop Multiple File Upload for Contact Form 7” (versions up to and including 1.3.8.5). The vulnerability is caused by insufficient file path validation in the dnd_codedropz_upload_delete() function, allowing unauthenticated attackers to perform...