The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress has a security issue where it does not properly check the file path. This means that attackers who are not logged in can delete certain files on the server. However, they cannot delete important files like wp-config.php, which could allow them to take control of the website.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
