Vulnerabilities

CVE-2025-14457 - Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.2 - missing autho

2026-01-15 0 views admin
CVE-2025-14457 - Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.2 - missing autho

CVE ID : CVE-2025-14457 Published : Jan. 15, 2026, 7:16 a.m. | 41 minutes ago Description : The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing ownership check in the dnd_codedropz_upload_delete() function in all versions up to, and including, 1.3.9.2. This makes it possible for unauthenticated attackers to delete arbitrary uploaded files when the

CVE Details

Published
Jan. 15, 2026
Affected Product: WordPress

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-14457wordpress

More from Vulnerabilities

CVE-2025-14448 - WP-Members Membership Plugin <= 3.5.4.3 - authenticated (subscriber+) stored cro

CVE-2025-14448 - WP-Members Membership Plugin <= 3.5.4.3 - authenticated (subscriber+) stored cro

2026-01-15 0
CVE-2026-0601 - Nexus Repository 3 - Cross-Site Scripting

CVE-2026-0601 - Nexus Repository 3 - Cross-Site Scripting

2026-01-15 0
CVE-2025-12166 - Simply Schedule Appointments <= 1.6.9.9 - unauthenticated sql injection via `ord

CVE-2025-12166 - Simply Schedule Appointments <= 1.6.9.9 - unauthenticated sql injection via `ord

2026-01-15 0
CVE-2025-14058 - Lenovo Tablets Authentication Bypass

CVE-2025-14058 - Lenovo Tablets Authentication Bypass

2026-01-15 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views