Sh1Zen Multi Uploader For Gravity Forms vulnerabilities
2 known vulnerabilities affecting sh1zen/multi_uploader_for_gravity_forms.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2025-14344P2CRITICALCVSS 9.8≤ 1.1.72025-12-12
CVE-2025-14344 [CRITICAL] CWE-22 CVE-2025-14344: The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file deletion d
The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'plupload_ajax_delete_file' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to delete arbitrary files on the server.
nvd
CVE-2025-23921P3CRITICALCVSS 9.0≤ 1.1.32025-01-22
CVE-2025-23921 [CRITICAL] CWE-434 CVE-2025-23921: Unrestricted Upload of File with Dangerous Type vulnerability in sh1zen Multi Uploader for Gravity F
Unrestricted Upload of File with Dangerous Type vulnerability in sh1zen Multi Uploader for Gravity Forms gf-multi-uploader allows Upload a Web Shell to a Web Server.This issue affects Multi Uploader for Gravity Forms: from n/a through <= 1.1.3.
nvd