Thomas Sanzey

**Name of the Vulnerable Software and Affected Versions** Drag and Drop File Upload for Contact Form 7 versions prior to 1.1.4 **Description** An arbitrary file upload flaw exists because the plugin extracts the file extension before sanitization and allows the `file type` parameter to be controlled by an attacker instead of restricting it to administrator-configured values. Validation is performed on the unsanitized extension, but the file is saved using a sanitized extension, allowing special characters such as `$` to be stripped during the save process. This enables unauthenticated attackers to upload arbitrary PHP files, potentially leading to remote code execution. Real-world exploitability is restricted by name randomization and the presence of an .htaccess file. **Recommendations** Update to a version later than 1.1.3.

**Name of the Vulnerable Software and Affected Versions** Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress versions through 1.3.7.3 **Description** The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress has a flaw that allows for arbitrary file uploads. This is due to inadequate file type validation within the `dnd upload cf7 upload` function. An unauthenticated attacker could potentially upload arbitrary files to the server, which could lead to remote code execution. This is exploitable when a form includes a multiple file upload field and allows all file types ('*'). **Recommendations** Update Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress to a version later than 1.3.7.3.

**Name of the Vulnerable Software and Affected Versions** The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress versions through 28.1.4 **Description** The software is susceptible to a blind SQL Injection issue due to inadequate escaping of user-supplied parameters and insufficient preparation of existing SQL queries. This allows unauthenticated attackers to inject additional SQL queries into existing ones, potentially extracting sensitive information from the database. The issue affects the `cgLostPasswordEmail` and `cgl mail` parameters. The `cgLostPasswordEmail` parameter was addressed in version 28.1.4, and the `cgl mail` parameter was addressed in version 28.1.5. **Recommendations** Versions prior to 28.1.5 should be updated. As a temporary workaround, restrict access to the parameters `cgLostPasswordEmail` and `cgl mail`.

**Name of the Vulnerable Software and Affected Versions** FileBird plugin for WordPress versions up to, and including, 5.5.8.1 **Description** The issue is related to Stored Cross-Site Scripting via imported folder titles due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. It may also be possible to socially engineer an administrator into uploading a malicious folder import. **Recommendations** For versions up to, and including, 5.5.8.1, update to a version later than 5.5.8.1 to resolve the issue. As a temporary workaround, consider restricting access to the folder import feature to minimize the risk of exploitation. Avoid using the imported folder titles feature until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MW WP Form plugin for WordPress versions up to, and including, 5.0.3 **Description** The issue arises from the plugin not properly validating the path of an uploaded file prior to deletion, allowing unauthenticated attackers to delete arbitrary files. This can include critical files such as the wp-config.php file, potentially leading to site takeover and remote code execution. **Recommendations** For versions up to, and including, 5.0.3, update to a version higher than 5.0.3 to resolve the issue. As a temporary workaround, consider restricting access to file deletion functionality within the plugin until a patch is available. Avoid using the plugin's file upload and deletion features with untrusted users until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** D-Link DCS-5220 (affected versions not specified) **Description** The issue is a buffer overflow. It affects D-Link DCS-5220 devices that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.