Vulnerabilities > CVE-2022-0595 - Unspecified vulnerability in Codedropz Drag and Drop multiple File Upload - Contact Form 7
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site Scripting issue