CVE-2026-3459 | Drag and Drop Multiple File Upload Plugin up to 1.3.9.5 on WordPress dnd_upload_cf7_upload unrestricted upload

A vulnerability labeled as critical has been found in Drag and Drop Multiple File Upload Plugin up to 1.3.9.5 on WordPress. This affects the function dnd_upload_cf7_upload. The manipulation results in unrestricted upload.

This vulnerability is known as CVE-2026-3459. It is possible to launch the attack remotely. No exploit is available.