Title: Security report
Last modified: June 9, 2026

---

# Security report

 *  [Vania](https://wordpress.org/support/users/twvania/)
 * (@twvania)
 * [5 days, 15 hours ago](https://wordpress.org/support/topic/security-report-4/)
 * Hi,
 * Could you please take a look at this [Wordfence report](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/drag-and-drop-multiple-file-upload-contact-form-7/drag-and-drop-multiple-file-upload-for-contact-form-7-1396-unauthenticated-limited-arbitrary-file-read-via-mfile-field)
   for the plugin?
 * It looks like there are multiple vulnerabilities listed there (several CVEs affecting
   different versions), not just a single issue.
 * We have already detected that malware files were uploaded to one of our sites,
   which appears to be related to the vulnerabilities listed in the report.
 * Thanks.

Viewing 1 replies (of 1 total)

 *  [Rebecca](https://wordpress.org/support/users/yeeaddons/)
 * (@yeeaddons)
 * [4 days, 18 hours ago](https://wordpress.org/support/topic/security-report-4/#post-18934039)
 * Hello [Vania](https://wordpress.org/support/users/twvania/),
 * These were older versions that used our own upload handler. The latest versions
   have been migrated to the native WordPress upload system, which has resolved 
   these issues.
 * You can find the full details in the Wordfence report. Only versions **1.3.9 
   and earlier** are affected. All known issues have been fixed in the latest version.
   
   Thank you so much

Viewing 1 replies (of 1 total)

You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fsecurity-report-4%2F%3Foutput_format%3Dmd&locale=en_US)
to reply to this topic.

 * ![](https://ps.w.org/drag-and-drop-file-upload-for-contact-form-7/assets/icon-
   128x128.gif?rev=3568443)
 * [Drag and Drop File Upload for Contact Form 7](https://wordpress.org/plugins/drag-and-drop-file-upload-for-contact-form-7/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/drag-and-drop-file-upload-for-contact-form-7/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/drag-and-drop-file-upload-for-contact-form-7/)
 * [Active Topics](https://wordpress.org/support/plugin/drag-and-drop-file-upload-for-contact-form-7/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/drag-and-drop-file-upload-for-contact-form-7/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/drag-and-drop-file-upload-for-contact-form-7/reviews/)

 * 1 reply
 * 2 participants
 * Last reply from: [Rebecca](https://wordpress.org/support/users/yeeaddons/)
 * Last activity: [4 days, 18 hours ago](https://wordpress.org/support/topic/security-report-4/#post-18934039)
 * Status: not resolved