CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-1282

The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin before 2.11.1 and Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin before 5.0.6.4 do not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 65.8%

CVSS Severity

CVSS v3 Score 6.1

References

Products affected by CVE-2023-1282

Codedropz » Drag And Drop Multiple File Upload - Contact Form 7 » Version: Any

cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_-_contact_form_7:*
Codedropz » Drag And Drop Multiple File Upload - Contact Form 7 » Version: 5.0.6.1

cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_-_contact_form_7:5.0.6.1
Codedropz » Drag And Drop Multiple File Upload - Contact Form 7 » Version: 5.0.6.3

cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_-_contact_form_7:5.0.6.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-1282

Products

Pricing

Contact Us