Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
codedropz drag and drop multiple file upload - contact form 7 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-5822
The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauth...
Codedropz Drag And Drop Multiple File Upload - Contact Form 7
NA
CVE-2022-45364
Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload – Contact Form 7 plugin <= 1.3.6.5 versions.
Codedropz Drag And Drop Multiple File Upload - Contact Form 7
NA
CVE-2023-1112
A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress. It has been classified as critical. Affected is an unknown function of the file admin-ajax.php. The manipulation of the argument upload_name leads to relative path traversal. It i...
Codedropz Drag And Drop Multiple File Upload - Contact Form 7
1 Github repository
3.5
CVSSv2
CVE-2022-0595
The Drag and Drop Multiple File Upload WordPress plugin prior to 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site Scripting issue
Codedropz Drag And Drop Multiple File Upload - Contact Form 7
NA
CVE-2023-1282
The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin prior to 2.11.1 and Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin prior to 5.0.6.4 do not sanitise and escape a parameter before outpu...
Codedropz Drag And Drop Multiple File Upload - Contact Form 7
NA
CVE-2022-3282
The Drag and Drop Multiple File Upload WordPress plugin prior to 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. As a result, attackers could control the file length limit and bypass the limit...
Codedropz Drag And Drop Multiple File Upload - Contact Form 7
7.5
CVSSv2
CVE-2020-12800
The drag-and-drop-multiple-file-upload-contact-form-7 plugin prior to 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.
Codedropz Drag And Drop Multiple File Upload - Contact Form 7
2 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
brute force
CVE-2024-24908
open redirect
CVE-2024-31497
CVE-2023-45866
CVE-2024-4135
CVE-2024-25523
cache poisoning
CVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started