Drag and Drop Multiple File Upload – Contact Form 7
Glen Don Mongaya
Developer
1.3.9.2
Latest version
60,000
Installations
Nov 7, 2025
Last updated
Vulnerability history
0 present
12 fixed
7 Mitigation rules
- Directory Traversal via `wpcf7_guest_user_id` Cookie vulnerability<= 1.3.9.0Aug 16, 2025
- Unauthenticated Arbitrary File Upload via Insufficient Blacklist Checks vulnerability<= 1.3.8.9Jun 17, 2025
- Unauthenticated PHP Object Injection via PHAR to Arbitrary File Deletion vulnerability<= 1.3.8.7Mar 27, 2025
- Unauthenticated Arbitrary File Deletion vulnerability<= 1.3.8.7Mar 27, 2025
- Limited Arbitrary File Deletion vulnerability<= 1.3.8.5Jan 30, 2025
- Sensitive Information Exposure vulnerability<= 1.3.7.7Apr 30, 2024
- Wordpress Drag and Drop Multiple File Upload - Contact Form 7 plugin <= 1.3.7.3 - Unauthenticated Arbitrary File Upload vulnerability<= 1.3.7.3Nov 2, 2023
- Multiple CSRF vulnerabilities<= 1.3.6.5Feb 24, 2023
- File Upload Size Limit Bypass vulnerability<= 1.3.6.4Sep 26, 2022
- Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability<= 1.3.6.2Mar 7, 2022
- Unauthenticated Remote Code Execution vulnerability<= 1.3.5.4Sep 21, 2020
- Unauthenticated File Upload vulnerability leading to Remote Code Execution (RCE)<= 1.3.3.2May 27, 2020