High 8.1
2026-04-17< 1.3.9.7
CVE-2026-5718
Drag and Drop Multiple File Upload for Contact Form 7
Vulnerabilities 19Slug drag-and-drop-multiple-file-upload-contact-form-7Latest version 1.3.9.7WordPress.org →
Minimum safe version
1.3.9.7
Update to 1.3.9.7 or later to address 19 fixable vulnerabilities
Latest available1.3.9.7 ✓
High 7.5
2026-04-17< 1.3.9.7
CVE-2026-5710
N/A
2026-03-05< 1.3.9.6
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.5 - Unauthenticated Arbitrary File Upload
Low 3.7
2026-01-15< 1.3.9.3
CVE-2025-14457
Medium 6.1
2026-01-07< 1.3.9.3
CVE-2025-14842
Medium 5.3
2025-08-16< 1.3.9.1
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.0 - Directory Traversal via `wpcf7_guest_user_id` Cookie
High 8.1
2025-06-17< 1.3.9.0
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.9 - Unauthenticated Arbitrary File Upload via Insufficient Blacklist Checks
High 7.5
2025-03-28< 1.3.8.8
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated PHP Object Injection via PHAR to Arbitrary File Deletion
High 8.8
2025-03-28< 1.3.8.8
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated Arbitrary File Deletion
N/A
2025-01-30< 1.3.8.6
Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.8.5 - Limited Arbitrary File Deletion
Medium 5.3
2025-01-31< 1.3.8.6
CVE-2024-12267
High 7.5
2024-05-02< 1.3.7.8
CVE-2024-3717
Critical 9.8
2023-11-22< 1.3.7.4
CVE-2023-5822
Medium 5.4
2023-05-24< 1.3.6.6
CVE-2022-45364
N/A
0000-00-00< 1.3.5.5
CVE-2020-24389
Medium 4.3
2022-10-17< 1.3.6.5
CVE-2022-3282
N/A
2020-09-21< 1.3.5.5
WordPress Drag and Drop Multiple File Upload – Contact Form 7 plugin <= 1.3.5.4 - Unauthenticated Remote Code Execution vulnerability
Medium 5.4
2022-03-28< 1.3.6.3
CVE-2022-0595
Critical 9.8
2020-06-08< 1.3.3.3
CVE-2020-12800