Lucene search
+L
CodedropzDrag And Drop Multiple File Upload - Contact Form 7

12 matches found

CVE
CVE
added 2025/06/17 9:21 a.m.230 views

CVE-2025-3515

CVE-2025-3515 affects the WordPress plugin “Drag and Drop Multiple File Upload for Contact Form 7” (versions ≤ 1.3.8.9). Affected component: inc/dnd-upload-cf7.php (function dnd_upload_cf7_upload). Root cause: insufficient file-type validation enabled by a blacklist bypass, allowing unauthenticat...

9.8CVSS8.6AI score0.0509EPSS
CVE
CVE
added 2023/03/01 9:54 a.m.137 views

CVE-2023-1112

CVE-2023-1112 affects the WordPress plugin Drag and Drop Multiple File Upload for Contact Form 7 (version 5.0.6.1). The vulnerability is in an unknown function within admin-ajax.php where manipulating the parameter upload_name enables relative path traversal. Public exploitation is reported, with...

9.8CVSS7AI score0.03004EPSS
CVE
CVE
added 2023/11/22 3:33 p.m.136 views

CVE-2023-5822

CVE-2023-5822 affects the WordPress plugin Drag and Drop Multiple File Upload – Contact Form 7. Vulnerability: arbitrary file upload due to insufficient file type validation in dnd_upload_cf7_upload, enabling unauthenticated attackers to upload arbitrary files if a multiple-file upload form field...

9.8CVSS7.9AI score0.01793EPSS
In wild
CVE
CVE
added 2022/03/28 5:22 p.m.133 views

CVE-2022-0595

The CVE-2022-0595 entry concerns the WordPress Drag and Drop Multiple File Upload plugin (Contact Form 7 integration) with versions before 1.3.6.3. The vulnerability is an unauthenticated stored XSS flaw: the dnd_codedropz_upload AJAX action permits SVG uploads, enabling injection of malicious sc...

5.4CVSS5.2AI score0.13575EPSS
Web
CVE
CVE
added 2020/06/08 4:25 p.m.124 views

CVE-2020-12800

CVE-2020-12800 affects the WordPress plugin “Drag and Drop Multi File Upload – Contact Form 7” (prior to 1.3.3.3). The underlying flaw is in the file upload handling, where the allowed_type/filter can be bypassed by using a php% value, enabling uploading a .php% file and enabling remote code exec...

9.8CVSS9.6AI score0.78751EPSS
In wildWeb
CVE
CVE
added 2025/03/28 6:51 a.m.80 views

CVE-2025-2328

Technical details for CVE-2025-2328 are not provided in the connected documents. Monitor for official updates on affected products, root cause, impact, and remediation.

8.8CVSS9AI score0.01002EPSS
CVE
CVE
added 2024/05/02 4:51 p.m.78 views

CVE-2024-3717

CVE-2024-3717 affects the Drag and Drop Multiple File Upload – Contact Form 7 WordPress plugin, exposing sensitive uploaded form data via the /wp-content/uploads/wp_dndcf7_uploads/wpcf7-files directory. Publicly accessible data exposure applies to all versions up to 1.3.7.7. The Wordfence vulnera...

7.5CVSS9.2AI score0.0065EPSS
CVE
CVE
added 2025/03/28 6:51 a.m.77 views

CVE-2025-2485

CVE-2025-2485 affects WordPress plugin Drag and Drop Multiple File Upload for Contact Form 7 (versions

8.8CVSS8AI score0.00538EPSS
CVE
CVE
added 2022/10/17 12:0 a.m.73 views

CVE-2022-3282

The CVE-2022-3282 issue affects the WordPress Drag and Drop Multiple File Upload plugin (versions prior to 1.3.6.5). The underlying flaw is a failure to validate the upload size limit, as the plugin reads the limit from user input at submission time, allowing attackers to bypass the admin-imposed...

4.3CVSS4.7AI score0.00543EPSS
Web
CVE
CVE
added 2023/04/17 12:17 p.m.73 views

CVE-2023-1282

The CVE-2023-1282 entry affects the WordPress plugins “Drag and Drop Multiple File Upload PRO – Contact Form 7 Standard” (before 2.11.1) and “Drag and Drop Multiple File Upload PRO – Contact Form 7 with Remote Storage Integrations” (before 5.0.6.4). Root cause: both plugins do not sanitize/escape...

6.1CVSS6.1AI score0.00542EPSS
Web
CVE
CVE
added 2023/05/24 3:48 p.m.59 views

CVE-2022-45364

CVE-2022-45364 is a CSRF vulnerability in the WordPress plugin Glen Don L. Mongaya Drag and Drop Multiple File Upload – Contact Form 7, affected versions

8.8CVSS7.2AI score0.00248EPSS
CVE
CVE
added 2025/01/31 11:11 a.m.57 views

CVE-2024-12267

CVE-2024-12267 affects the WordPress plugin “Drag and Drop Multiple File Upload for Contact Form 7” (versions up to and including 1.3.8.5). The vulnerability is caused by insufficient file path validation in the dnd_codedropz_upload_delete() function, allowing unauthenticated attackers to perform...

9.1CVSS7.1AI score0.00318EPSS