PT-2025-45224 · Borisolhor · Drop Uploader For Cf7 - Drag&Drop File Uploader Addon

Published

2025-11-06

Updated

2025-11-06

CVE-2025-53283

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Unrestricted Upload of File with Dangerous Type vulnerability in borisolhor Drop Uploader for CF7 - Drag&Drop File Uploader Addon drop-uploader-for-contact-form-7-dragdrop-file-uploader-addon allows Upload a Web Shell to a Web Server.This issue affects Drop Uploader for CF7 - Drag&Drop File Uploader Addon: from n/a through <= 2.4.1.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2025-53283

Affected Products

Drop Uploader For Cf7 - Drag&Drop File Uploader Addon

CVE-2025-53283

Weakness Enumeration

Related Identifiers

Affected Products

References · 2