The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to path traversal leading to arbitrary file read in versions up to and including 1.3.9.6.
Claims
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to path traversal leading to arbitrary file read in versions up to and including 1.3.9.6.
Parent: WordPress PluginsEntity: Drag and Drop Multiple File Upload for Contact Form 7Impact: negativeDate: Apr 17, 2026Target: The security of the Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress
Source posts
๐จ EUVD-2026-23458
๐ Score: 7.5/10 (CVSS v3.1)
๐ฆ Product: Drag and Drop Multiple File Upload for Contact Form 7
๐ข Vendor: glenwpcoder
๐
Updated: 2026-04-17
๐ The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary File Read in versions up to and including 1.3.9.6. This is due to the plugin...
๐ https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23458
#cybersecurity #infosec #euvd #cve #vulnerability
0 boosts ยท 0 favs ยท 0 replies ยท Apr 17, 2026
#cybersecurity#infosec#euvd#cve#vulnerability
๐ CVE-2026-5710 - High (7.5)
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary File Read in versions up to and including 1.3.9.6. This is due to the plugin using client-supplied mfile[] POST val...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-5710/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
0 boosts ยท 0 favs ยท 0 replies ยท Apr 17, 2026
#cve#vulnerability#infosec#cybersecurity#security#tenda