Vulnerabilities > Codedropz > Drag AND Drop Multiple File Upload Contact Form 7 > Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2023-11-22	CVE-2023-5822	Unrestricted Upload of File with Dangerous Type vulnerability in Codedropz Drag and Drop multiple File Upload - Contact Form 7 The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. network low complexity codedropz CWE-434 critical	9.8
2023-03-01	CVE-2023-1112	Path Traversal vulnerability in Codedropz Drag and Drop multiple File Upload - Contact Form 7 5.0.6.1 A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress. network low complexity codedropz CWE-22 critical	9.8
2020-06-08	CVE-2020-12800	Unrestricted Upload of File with Dangerous Type vulnerability in Codedropz Drag and Drop multiple File Upload - Contact Form 7 The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file. network low complexity codedropz CWE-434 critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.