Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file upload vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-45377
Unrestricted Upload of File with Dangerous Type vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload for WooCommerce.This issue affects Drag and Drop Multiple File Upload for WooCommerce: from n/a up to and including 1.0.8.
Codedropz Drag And Drop Multiple File Upload For Woocommerce
5.4
CVSSv3
CVE-2022-0595
The Drag and Drop Multiple File Upload WordPress plugin prior to 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site Scripting issue
Codedropz Drag And Drop Multiple File Upload - Contact Form 7
4.3
CVSSv3
CVE-2022-3282
The Drag and Drop Multiple File Upload WordPress plugin prior to 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. As a result, attackers could control the file length limit and bypass the limit...
Codedropz Drag And Drop Multiple File Upload - Contact Form 7
8.8
CVSSv3
CVE-2022-45364
Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload – Contact Form 7 plugin <= 1.3.6.5 versions.
Codedropz Drag And Drop Multiple File Upload - Contact Form 7
9.8
CVSSv3
CVE-2020-12800
The drag-and-drop-multiple-file-upload-contact-form-7 plugin prior to 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.
Codedropz Drag And Drop Multiple File Upload - Contact Form 7
2 Github repositories
9.8
CVSSv3
CVE-2023-5822
The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauth...
Codedropz Drag And Drop Multiple File Upload - Contact Form 7
9.8
CVSSv3
CVE-2023-1112
A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress. It has been classified as critical. Affected is an unknown function of the file admin-ajax.php. The manipulation of the argument upload_name leads to relative path traversal. It i...
Codedropz Drag And Drop Multiple File Upload - Contact Form 7
1 Github repository
6.1
CVSSv3
CVE-2023-1282
The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin prior to 2.11.1 and Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin prior to 5.0.6.4 do not sanitise and escape a parameter before outpu...
Codedropz Drag And Drop Multiple File Upload - Contact Form 7
5.4
CVSSv3
CVE-2023-5458
The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin prior to 3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
Ashik Cits Support Svg\\, Webp Media And Ttf\\,otf File Upload
NA
CVE-2006-3381
SturGeoN Upload allows remote malicious users to execute arbitrary PHP code by uploading a file with a .php extension, then directly accessing the file. NOTE: It is uncertain whether this is a vulnerability or a feature of the product.
Sturgeon Upload Sturgeon Upload
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »