Back to CVE Browser

CVE-2020-12800

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0580%

EPSS Percentile24.61th

PublishedJun 8, 2020

Last ModifiedNov 21, 2024

Vulnerability Description

The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.

Affected Platforms (CPE)

📦

Codedropz

Drag And Drop Multiple File Upload Contact Form 7

< 1.3.3.3

References & Advisories

🔗 https://packetstormsecurity.com/files/157951/WordPress-Drag-And-Drop-Multi-File-Uploader-Remote-Code-Execution.html

🔗 https://wordpress.org/plugins/drag-and-drop-multiple-file-upload-contact-form-7/#developers

🔗 https://packetstormsecurity.com/files/157951/WordPress-Drag-And-Drop-Multi-File-Uploader-Remote-Code-Execution.html

🔗 https://wordpress.org/plugins/drag-and-drop-multiple-file-upload-contact-form-7/#developers

Related Vulnerabilities

CVE-2026-57188.1

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions ...

CVE-2026-490557.1

Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.7 versions.

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...