Vulnerabilities > Codedropz > Drag AND Drop Multiple File Upload Contact Form 7 > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-04-17	CVE-2023-1282	Unspecified vulnerability in Codedropz Drag and Drop multiple File Upload - Contact Form 7 5.0.6.1/5.0.6.3 The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin before 2.11.1 and Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin before 5.0.6.4 do not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. network low complexity codedropz	6.1
2022-10-17	CVE-2022-3282	Authorization Bypass Through User-Controlled Key vulnerability in Codedropz Drag and Drop multiple File Upload - Contact Form 7 The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. network low complexity codedropz CWE-639	4.3
2022-03-28	CVE-2022-0595	Unspecified vulnerability in Codedropz Drag and Drop multiple File Upload - Contact Form 7 The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site Scripting issue network low complexity codedropz	5.4

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.