Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file upload vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-45377
Unrestricted Upload of File with Dangerous Type vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload for WooCommerce.This issue affects Drag and Drop Multiple File Upload for WooCommerce: from n/a up to and including 1.0.8.
Codedropz Drag And Drop Multiple File Upload For Woocommerce
668
VMScore
CVE-2020-12800
The drag-and-drop-multiple-file-upload-contact-form-7 plugin prior to 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.
Codedropz Drag And Drop Multiple File Upload - Contact Form 7
2 Github repositories
NA
CVE-2023-1112
A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress. It has been classified as critical. Affected is an unknown function of the file admin-ajax.php. The manipulation of the argument upload_name leads to relative path traversal. It i...
Codedropz Drag And Drop Multiple File Upload - Contact Form 7
1 Github repository
NA
CVE-2022-3282
The Drag and Drop Multiple File Upload WordPress plugin prior to 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. As a result, attackers could control the file length limit and bypass the limit...
Codedropz Drag And Drop Multiple File Upload - Contact Form 7
NA
CVE-2022-45364
Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload – Contact Form 7 plugin <= 1.3.6.5 versions.
Codedropz Drag And Drop Multiple File Upload - Contact Form 7
NA
CVE-2023-1282
The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin prior to 2.11.1 and Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin prior to 5.0.6.4 do not sanitise and escape a parameter before outpu...
Codedropz Drag And Drop Multiple File Upload - Contact Form 7
NA
CVE-2023-5822
The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauth...
Codedropz Drag And Drop Multiple File Upload - Contact Form 7
312
VMScore
CVE-2022-0595
The Drag and Drop Multiple File Upload WordPress plugin prior to 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site Scripting issue
Codedropz Drag And Drop Multiple File Upload - Contact Form 7
NA
CVE-2023-5458
The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin prior to 3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
Ashik Cits Support Svg\\, Webp Media And Ttf\\,otf File Upload
755
VMScore
CVE-2006-3381
SturGeoN Upload allows remote malicious users to execute arbitrary PHP code by uploading a file with a .php extension, then directly accessing the file. NOTE: It is uncertain whether this is a vulnerability or a feature of the product.
Sturgeon Upload Sturgeon Upload
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »