CVE-2025-3515: CWE-434 Unrestricted Upload of File with Dangerous Type in glenwpcoder Drag and Drop Multiple File Upload for Contact Form 7
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.3.8.9. This makes it possible for unauthenticated attackers to bypass the plugin's blacklist and upload .phar or other dangerous file types on the affected site's server, which may make remote code execution possible on the servers that are configured to handle .phar files as executable PHP scripts, particularly in default Apache+mod_php configurations where the file extension is not strictly validated before being passed to the PHP interpreter.
AI Analysis
Technical Summary
CVE-2025-3515 is a vulnerability in the Drag and Drop Multiple File Upload for Contact Form 7 WordPress plugin caused by insufficient file type validation, allowing arbitrary file uploads. Attackers can upload files with dangerous extensions like .phar, potentially leading to remote code execution on servers that treat these files as executable PHP scripts. This is particularly relevant for default Apache+mod_php configurations where file extension checks are not strictly enforced. The vulnerability affects all versions up to and including 1.3.8.9. The CVSS v3.1 base score is 8.1, indicating a high severity. No patch or official fix has been documented yet, and no exploits are currently known in the wild.
Potential Impact
Successful exploitation allows unauthenticated attackers to upload arbitrary files with dangerous extensions, such as .phar, to the affected server. If the server is configured to execute these files as PHP scripts (common in default Apache+mod_php environments), this can lead to remote code execution, compromising confidentiality, integrity, and availability of the affected system. The high CVSS score reflects the critical impact on system security if exploited.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, administrators should consider disabling or removing the vulnerable plugin or restricting file upload capabilities. Additionally, server configurations should be hardened to prevent execution of uploaded files with dangerous extensions, for example by disabling execution of .phar files or enforcing strict file type validation at the server level.
CVE-2025-3515: CWE-434 Unrestricted Upload of File with Dangerous Type in glenwpcoder Drag and Drop Multiple File Upload for Contact Form 7
Description
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.3.8.9. This makes it possible for unauthenticated attackers to bypass the plugin's blacklist and upload .phar or other dangerous file types on the affected site's server, which may make remote code execution possible on the servers that are configured to handle .phar files as executable PHP scripts, particularly in default Apache+mod_php configurations where the file extension is not strictly validated before being passed to the PHP interpreter.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2025-3515 is a vulnerability in the Drag and Drop Multiple File Upload for Contact Form 7 WordPress plugin caused by insufficient file type validation, allowing arbitrary file uploads. Attackers can upload files with dangerous extensions like .phar, potentially leading to remote code execution on servers that treat these files as executable PHP scripts. This is particularly relevant for default Apache+mod_php configurations where file extension checks are not strictly enforced. The vulnerability affects all versions up to and including 1.3.8.9. The CVSS v3.1 base score is 8.1, indicating a high severity. No patch or official fix has been documented yet, and no exploits are currently known in the wild.
Potential Impact
Successful exploitation allows unauthenticated attackers to upload arbitrary files with dangerous extensions, such as .phar, to the affected server. If the server is configured to execute these files as PHP scripts (common in default Apache+mod_php environments), this can lead to remote code execution, compromising confidentiality, integrity, and availability of the affected system. The high CVSS score reflects the critical impact on system security if exploited.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, administrators should consider disabling or removing the vulnerable plugin or restricting file upload capabilities. Additionally, server configurations should be hardened to prevent execution of uploaded files with dangerous extensions, for example by disabling execution of .phar files or enforcing strict file type validation at the server level.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-04-11T11:25:49.385Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 685136a2a8c92127438581c6
Added to database: 6/17/2025, 9:34:26 AM
Last enriched: 4/9/2026, 10:14:22 AM
Last updated: 5/9/2026, 5:54:34 AM
Views: 181
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.