Nazsabuz Wp Dropzone vulnerabilities
2 known vulnerabilities affecting nazsabuz/wp_dropzone.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-12775P2HIGHCVSS 8.8≤ 1.1.02025-11-18
CVE-2025-12775 [HIGH] CWE-434 CVE-2025-12775: The WP Dropzone plugin for WordPress is vulnerable to authenticated arbitrary file upload in all ver
The WP Dropzone plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 1.1.0 via the `ajax_upload_handle` function. This is due to the chunked upload functionality writing files directly to the uploads directory before any file type validation occurs. This makes it possible for authenticated att
nvd
CVE-2025-13989P4MEDIUMCVSS 6.4≤ 1.1.12025-12-12
CVE-2025-13989 [MEDIUM] CWE-79 CVE-2025-13989: The WP Dropzone plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callback'
The WP Dropzone plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callback' shortcode attribute in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on user-supplied 'callback' attributes, which are evaluated as JavaScript code via the `new Function()` constructor. Th
nvd