CVE-2022-0595

CVE-2022-0595: Drag and Drop Multiple File Upload - Contact Form 7 < 1.3.6.3 - Unauthenticated Stored XSS

Vendor Unknown
Product Drag and Drop Multiple File Upload – Contact Form 7
Weakness CWE-79 · XSS
Published March 28, 2022
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site Scripting issue

Key dates

02Disclosure timeline

March 28, 2022 CVE published
August 2, 2024 Record updated