Drag And Drop Multiple File Upload - Contact Form 7@* Security Vulnerabilities and Issues — Drag And Drop Multiple File Upload - Contact Form 7@* CVE List

Lucene search

CodedropzDrag And Drop Multiple File Upload - Contact Form 7*

8 matches found

CVE•added 2023/03/01 10:15 a.m.•114 views

CVE-2023-1112

A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress. It has been classified as critical. Affected is an unknown function of the file admin-ajax.php. The manipulation of the argument upload_name leads to relative path traversal. It is possible to launc...

9.8CVSS7AI score0.21654EPSS

CVE•added 2023/11/22 4:15 p.m.•108 views

CVE-2023-5822

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to upload...

9.8CVSS9.8AI score0.04403EPSS

CVE•added 2022/03/28 6:15 p.m.•88 views

CVE-2022-0595

The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site Scripting issue

5.4CVSS5.2AI score0.09414EPSS

CVE•added 2020/06/08 5:15 p.m.•86 views

CVE-2020-12800

The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.

9.8CVSS9.6AI score0.92572EPSS

CVE•added 2022/10/17 12:15 p.m.•55 views

CVE-2022-3282

The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. As a result, attackers could control the file length limit and bypass the limit set by admins in the...

4.3CVSS4.7AI score0.00041EPSS

CVE•added 2023/04/17 1:15 p.m.•51 views

CVE-2023-1282

The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin before 2.11.1 and Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin before 5.0.6.4 do not sanitise and escape a parameter before outputting it back in the pa...

6.1CVSS6.1AI score0.00519EPSS

CVE•added 2024/05/02 5:15 p.m.•44 views

CVE-2024-3717

The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.7.7 via the '/wp-content/uploads/wp_dndcf7_uploads/wpcf7-files' directory. This makes it possible for unauthenticated attackers to e...

5.3CVSS9.2AI score0.00268EPSS

CVE•added 2023/05/24 4:15 p.m.•43 views

CVE-2022-45364

Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload – Contact Form 7 plugin

8.8CVSS7.2AI score0.00043EPSS