Drag and Drop Multiple File Upload – Contact Form 7
Glen Don Mongaya
Developer
1.3.9.8
Latest version
60,000
Installations
No date
Last updated
Vulnerability history
0 present
19 patched
12 Mitigation rules
- Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability<= 1.3.9.77 days ago
- Cross Site Scripting (XSS) vulnerability<= 1.3.9.703/06/2026
- Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass vulnerability<= 1.3.9.620/04/2026
- Unauthenticated Limited Arbitrary File Read via mfile Field vulnerability<= 1.3.9.620/04/2026
- Unauthenticated Arbitrary File Upload vulnerability<= 1.3.9.506/03/2026
- Missing Authorization to Unauthenticated File Deletion vulnerability<= 1.3.9.215/01/2026
- WordPress Drag and Drop Multiple File Upload - Contact Form 7 plugin <= 1.3.9.2 - Unauthenticated Limited Arbitrary File Upload vulnerability<= 1.3.9.207/01/2026
- Directory Traversal via `wpcf7_guest_user_id` Cookie vulnerability<= 1.3.9.016/08/2025
- Unauthenticated Arbitrary File Upload via Insufficient Blacklist Checks vulnerability<= 1.3.8.917/06/2025
- Unauthenticated PHP Object Injection via PHAR to Arbitrary File Deletion vulnerability<= 1.3.8.727/03/2025
- Unauthenticated Arbitrary File Deletion vulnerability<= 1.3.8.727/03/2025
- Limited Arbitrary File Deletion vulnerability<= 1.3.8.530/01/2025
- Sensitive Information Exposure vulnerability<= 1.3.7.730/04/2024
- Wordpress Drag and Drop Multiple File Upload - Contact Form 7 plugin <= 1.3.7.3 - Unauthenticated Arbitrary File Upload vulnerability<= 1.3.7.302/11/2023
- Multiple CSRF vulnerabilities<= 1.3.6.524/02/2023
- File Upload Size Limit Bypass vulnerability<= 1.3.6.426/09/2022
- Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability<= 1.3.6.207/03/2022
- Unauthenticated Remote Code Execution vulnerability<= 1.3.5.421/09/2020
- Unauthenticated File Upload vulnerability leading to Remote Code Execution (RCE)<= 1.3.3.227/05/2020