CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-12800

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0580%
EPSS Percentile24.61th
Published2020年6月8日
Last Modified2024年11月21日

Vulnerability Description

The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.

Affected Platforms (CPE)

📦
Codedropz

Drag And Drop Multiple File Upload Contact Form 7

< 1.3.3.3

References & Advisories

🔗 https://packetstormsecurity.com/files/157951/WordPress-Drag-And-Drop-Multi-File-Uploader-Remote-Code-Execution.html
🔗 https://wordpress.org/plugins/drag-and-drop-multiple-file-upload-contact-form-7/#developers
🔗 https://packetstormsecurity.com/files/157951/WordPress-Drag-And-Drop-Multi-File-Uploader-Remote-Code-Execution.html
🔗 https://wordpress.org/plugins/drag-and-drop-multiple-file-upload-contact-form-7/#developers

関連する脆弱性情報

CVE-2026-57188.1

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions ...

CVE-2026-490557.1

Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.7 versions.

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...