Drag and Drop Multiple File Upload – Contact Form 7 < 1.3.6.6 – File Upload and File deletion via CSRF | CVE 2022-45364

Affects Plugins

drag-and-drop-multiple-file-upload-contact-form-7

Fixed in 1.3.6.6

References

CVE

CVE-2022-45364

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

5.4 (medium)

Miscellaneous

Original Researcher

Lana Codes

Verified

No

WPVDB ID

e6a76476-e086-473d-bc1e-3264c85b2441

Timeline

Publicly Published

2023-05-24 (about 2 years ago)

Added

2023-05-24 (about 2 years ago)

Last Updated

2023-05-24 (about 2 years ago)

Other

Published

Title

Published

2024-04-05

Title

Multiple Page Generator Plugin – MPG < 3.4.1 - Cross-Site Request Forgery

Published

2023-10-17

Title

Envo Extra < 1.8.4 - Cross-Site Request Forgery

Published

2024-07-12

Title

i-transform <= 3.0.9 - Cross-Site Request Forgery

Published

2023-04-19

Title

SiteAlert (Formerly WP Health) <= 1.9.8 - Cross-Site Request Forgery

Published

2021-07-28

Title

Post Index <= 0.7.5 - CSRF to Stored XSS