CodeDropz Drag and Drop Multiple File Upload
Moderate fix2 remedies
cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_for_woocommerce:*:*:*:*:wordpress:*:*
Moderate fix2 remedies
- <= 1.7.1
- 5.0 - 5.0.5
WooCommerce Drag and Drop Multiple File Upload Pro Unauthenticated Arbitrary File Upload Vulnerability
Vulnerability
Patched
A vulnerability allowing arbitrary file uploads has been identified in the Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin for WordPress. This issue arises from inadequate file type validation in the 'dnd_upload_cf7_upload_chunks()' function. The vulnerability affects versions 5.0 to 5.0.5 (when used with the PrintSpace theme) and all versions up to and including 1.7.1 (in the standalone version). As a result, unauthenticated attackers can upload arbitrary files to the affected site's server, potentially leading to remote code execution. Although PHP execution is generally disabled via a .htaccess file, it remains possible in certain server configurations.
Impact
Exploitation of this vulnerability allows for unauthenticated arbitrary file uploads, which could be used to upload malicious files that may be executed on the server, potentially leading to remote code execution.
Remediation
Users are advised to update to version 1.7.2 or 5.0.7, both of which contain the necessary patch.
Added: Jul 2, 2025, 4:34 AM
Updated: Jul 2, 2025, 4:34 AM
Vulnerability Rating
Custom Algorithm
spread
1.0impact
10.0exploitability
7.6remediation
7.7relevance
0.2threat
0.0urgency
2.9incentive
5.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.