Drag and Drop Multiple File Upload – Contact Form 7

Glen Don Mongaya

Developer

1.3.9.2

Latest version

60,000

Installations

No date

Last updated

WordPress Plugin

No VDP

Claim ownership

Report vulnerability

Vulnerabilities

Security Contributors

Vulnerability history

0 present

12 fixed

7 Mitigation rules

Directory Traversal via `wpcf7_guest_user_id` Cookie vulnerability
<= 1.3.9.0
Aug 16, 2025
Unauthenticated Arbitrary File Upload via Insufficient Blacklist Checks vulnerability
<= 1.3.8.9
Jun 17, 2025
Unauthenticated PHP Object Injection via PHAR to Arbitrary File Deletion vulnerability
<= 1.3.8.7
Mar 27, 2025
Unauthenticated Arbitrary File Deletion vulnerability
<= 1.3.8.7
Mar 27, 2025
Limited Arbitrary File Deletion vulnerability
<= 1.3.8.5
Jan 30, 2025
Sensitive Information Exposure vulnerability
<= 1.3.7.7
Apr 30, 2024
Wordpress Drag and Drop Multiple File Upload - Contact Form 7 plugin <= 1.3.7.3 - Unauthenticated Arbitrary File Upload vulnerability
<= 1.3.7.3
Nov 2, 2023
Multiple CSRF vulnerabilities
<= 1.3.6.5
Feb 24, 2023
File Upload Size Limit Bypass vulnerability
<= 1.3.6.4
Sep 26, 2022
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
<= 1.3.6.2
Mar 7, 2022
Unauthenticated Remote Code Execution vulnerability
<= 1.3.5.4
Sep 21, 2020
Unauthenticated File Upload vulnerability leading to Remote Code Execution (RCE)
<= 1.3.3.2
May 27, 2020