cleantalk
Vulnerabilities and Security Researches

Drag and Drop Multiple File Upload – Contact Form 7, CVE-2020-12800

CVE, Research URL

CVE-2020-12800

Home page URL

Security reports for Drag and Drop Multiple File Upload – Contact Form 7

Application

Drag and Drop Multiple File Upload – Contact Form 7

Published on
Jun 08, 2020
Research Description
The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.
Affected versions
max 1.3.3.3.
Status
vulnerable
Previous vulnerability researches
Drag and Drop Multiple File Upload – Contact Form 7 (CVE-2025-3515) , Jun 18, 2025
Drag and Drop Multiple File Upload – Contact Form 7 (CVE-2025-8464) , Aug 16, 2025
Drag and Drop Multiple File Upload – Contact Form 7 (CVE-2024-3717) , Jun 07, 2024
Drag and Drop Multiple File Upload – Contact Form 7 (CVE-2020-12800) , Jun 07, 2024
Drag and Drop Multiple File Upload – Contact Form 7 (CVE-2022-0595) , Jun 07, 2024
New vulnerability
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs – Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025