CVE-2022-3282

Name of the Vulnerable Software and Affected Versions Drag and Drop Multiple File Upload WordPress plugin versions prior to 1.3.6.5

Description The issue arises from the plugin not properly checking the upload size limit set in forms. Instead, it takes the value from user input sent when submitting the form. This allows attackers to control the file length limit and bypass the limit set by administrators in the contact form.

Recommendations For versions prior to 1.3.6.5, update to version 1.3.6.5 or later to resolve the issue. As a temporary workaround, consider restricting the upload size limit in the contact form settings to minimize the risk of exploitation.