Filtered by vendor Codedropz
Subscribe
Filtered by product Drag And Drop Multiple File Upload - Contact Form 7
Subscribe
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1112 | 1 Codedropz | 1 Drag And Drop Multiple File Upload - Contact Form 7 | 2024-04-11 | 5.8 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress. It has been classified as critical. Affected is an unknown function of the file admin-ajax.php. The manipulation of the argument upload_name leads to relative path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222072. | |||||
| CVE-2023-5822 | 1 Codedropz | 1 Drag And Drop Multiple File Upload - Contact Form 7 | 2023-12-10 | N/A | 9.8 CRITICAL |
| The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This can be exploited if a user authorized to edit form, which means editor privileges or above, has added a 'multiple file upload' form field with '*' acceptable file types. | |||||
| CVE-2022-45364 | 1 Codedropz | 1 Drag And Drop Multiple File Upload - Contact Form 7 | 2023-12-10 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload – Contact Form 7 plugin <= 1.3.6.5 versions. | |||||
| CVE-2023-1282 | 1 Codedropz | 1 Drag And Drop Multiple File Upload - Contact Form 7 | 2023-12-10 | N/A | 6.1 MEDIUM |
| The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin before 2.11.1 and Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin before 5.0.6.4 do not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. | |||||
| CVE-2022-3282 | 1 Codedropz | 1 Drag And Drop Multiple File Upload - Contact Form 7 | 2023-12-10 | N/A | 4.3 MEDIUM |
| The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. As a result, attackers could control the file length limit and bypass the limit set by admins in the contact form. | |||||
| CVE-2022-0595 | 1 Codedropz | 1 Drag And Drop Multiple File Upload - Contact Form 7 | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site Scripting issue | |||||
| CVE-2020-12800 | 1 Codedropz | 1 Drag And Drop Multiple File Upload - Contact Form 7 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file. | |||||