Vulnerabilities > Codedropz > Drag AND Drop Multiple File Upload Contact Form 7 > 1.3.6.3

DATE	CVE	VULNERABILITY TITLE	RISK
2023-11-22	CVE-2023-5822	Unrestricted Upload of File with Dangerous Type vulnerability in Codedropz Drag and Drop multiple File Upload - Contact Form 7 The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. network low complexity codedropz CWE-434 critical	9.8
2023-05-24	CVE-2022-45364	Unspecified vulnerability in Codedropz Drag and Drop multiple File Upload - Contact Form 7 Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L. network low complexity codedropz	8.8
2022-10-17	CVE-2022-3282	Authorization Bypass Through User-Controlled Key vulnerability in Codedropz Drag and Drop multiple File Upload - Contact Form 7 The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. network low complexity codedropz CWE-639	4.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.