CVE-2025-8464 | Drag and Drop Multiple File Upload for Contact Form 7 Plugin Cookie path traversal

Inserito da Angelo Barbosa | Ago 15, 2025 | CVE

A vulnerability classified as critical has been found in Drag and Drop Multiple File Upload for Contact Form 7 Plugin up to 1.3.9.0 on WordPress. This affects an unknown part of the component Cookie Handler. The manipulation of the argument wpcf7_guest_user_id leads to path traversal.

This vulnerability is uniquely identified as CVE-2025-8464. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2025-8464 | Drag and Drop Multiple File Upload for Contact Form 7 Plugin Cookie path traversal

Post correlati

CVE-2024-45505 | Apache HertzBeat up to 1.6.0 command injection

CVE-2024-37370 | MIT Kerberos 5 up to 1.21.2 GSS Message Token Privilege Escalation

CVE-2018-9406 | Google Android NlpService permission

CVE-2023-49156 | GoDaddy Email Marketing Plugin up to 1.4.3 on WordPress authorization