Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Drag and Drop Multiple File Upload for Contact Form 7 — Vulnerabilities & Security Advisories 12

All 12 CVE vulnerabilities found in Drag and Drop Multiple File Upload for Contact Form 7, with AI-generated Chinese analysis, references, and POCs.

Vendor: glenwpcoder

CVE IDTitleCVSSSeverityPublished
CVE-2026-5710 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.6 - Unauthenticated Limited Arbitrary File Read via mfile Field CWE-22 7.5 High2026-04-17
CVE-2026-5718 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.6 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass CWE-434 8.1 High2026-04-17
CVE-2026-3459 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.5 - Unauthenticated Arbitrary File Upload CWE-434 8.1 High2026-03-05
CVE-2025-14457 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.2 - Missing Authorization to Unauthenticated File Deletion CWE-862 3.7 Low2026-01-15
CVE-2025-14842 Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.2 - Unauthenticated Limited Arbitrary File Upload CWE-434 6.1 Medium2026-01-07
CVE-2025-8464 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.0 - Directory Traversal via `wpcf7_guest_user_id` Cookie CWE-23 5.3 Medium2025-08-16
CVE-2025-3515 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.9 - Unauthenticated Arbitrary File Upload via Insufficient Blacklist Checks CWE-434 8.1 High2025-06-17
CVE-2025-2485 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated PHP Object Injection via PHAR to Arbitrary File Deletion CWE-502 7.5 High2025-03-28
CVE-2025-2328 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated Arbitrary File Deletion CWE-22 8.8 High2025-03-28
CVE-2024-12267 Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.8.5 - Limited Arbitrary File Deletion CWE-73 5.3 Medium2025-01-31
CVE-2024-3717 Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.7.7 - Sensitive Information Exposure CWE-922 5.3 Medium2024-05-02
CVE-2023-5822 Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.7.3 - Unauthenticated Arbitrary File Upload CWE-434 8.1 High2023-11-22

All 12 known CVE vulnerabilities affecting Drag and Drop Multiple File Upload for Contact Form 7 with full Chinese analysis, references, and POCs where available.