Title: vulnerable
Last modified: March 16, 2023

---

# vulnerable

 *  Resolved [I Declare MultiMedia](https://wordpress.org/support/users/m4declare1/)
 * (@m4declare1)
 * [3 years ago](https://wordpress.org/support/topic/vulnerable-5/)
 * **WordPress Drag and Drop Multiple File Upload – Contact Form 7 Plugin <= 2.11.0
   is vulnerable to Cross Site Scripting (XSS)**


 *  Plugin Author [Glen Don Mongaya](https://wordpress.org/support/users/glenwpcoder/)
 * (@glenwpcoder)
 * [3 years ago](https://wordpress.org/support/topic/vulnerable-5/#post-16564314)
 * Hi [@m4declare1](https://wordpress.org/support/users/m4declare1/) ,
 * The vulnerability issue has been fixed in both the Free and Pro versions.
 * As you can see here – [https://wpscan.com/plugin/drag-n-drop-upload-cf7-pro](https://wpscan.com/plugin/drag-n-drop-upload-cf7-pro)
 * Patched Link – [https://patchstack.com/database/vulnerability/drag-and-drop-multiple-file-upload-contact-form-7/wordpress-drag-and-drop-multiple-file-upload-pro-contact-form-7-standard-plugin-2-11-0-reflected-cross-site-scripting-vulnerability?_a_id=110](https://patchstack.com/database/vulnerability/drag-and-drop-multiple-file-upload-contact-form-7/wordpress-drag-and-drop-multiple-file-upload-pro-contact-form-7-standard-plugin-2-11-0-reflected-cross-site-scripting-vulnerability?_a_id=110)
 * Please let me know.
 *  Plugin Author [Glen Don Mongaya](https://wordpress.org/support/users/glenwpcoder/)
 * (@glenwpcoder)
 * [3 years ago](https://wordpress.org/support/topic/vulnerable-5/#post-16564322)
 * Please update to version 2.11.1.
 * You can manually update the plugin by going to Dashboard -> Updates and clicking
   the “**Check again**” button _multiple times_ until the new update/version shows
   up.
 *  [jayahn4](https://wordpress.org/support/users/jayahn4/)
 * (@jayahn4)
 * [3 years ago](https://wordpress.org/support/topic/vulnerable-5/#post-16567688)
 * [@glenwpcoder](https://wordpress.org/support/users/glenwpcoder/)
 * Hi Glen,
 * I’m having the same issue. ManageWP is flagging the plugin as vulnerable below
   version 2.11.0, but the latest version for this plugin is 1.3.6.7, which I have
   already updated to. Also downloaded manually from here and uploaded, but still
   vulnerable.
 *  Plugin Author [Glen Don Mongaya](https://wordpress.org/support/users/glenwpcoder/)
 * (@glenwpcoder)
 * [3 years ago](https://wordpress.org/support/topic/vulnerable-5/#post-16567887)
 * Hello [@m4declare1](https://wordpress.org/support/users/m4declare1/) ,
 * If you are updated to version **1.3.6.7**, you are safe and can ignore the message.
 * The issue is related to the Pro version < **2.11.0**. I’m not sure if their database
   is updated; it’s on their end, and maybe they will need to double-check or update
   the status of the issue.
 * They will probably notify all the customers (in general), whether using the Pro or
   Free version, as some of them are using our Pro version.
 * Thank You.
 *  [jayahn4](https://wordpress.org/support/users/jayahn4/)
 * (@jayahn4)
 * [3 years ago](https://wordpress.org/support/topic/vulnerable-5/#post-16574827)
 * Great news [@glenwpcoder](https://wordpress.org/support/users/glenwpcoder/)
 * ManageWP seems to have fixed this and now the plugin isn’t flagged as vulnerable
   anymore. Thank you!
 *  Plugin Author [Glen Don Mongaya](https://wordpress.org/support/users/glenwpcoder/)
 * (@glenwpcoder)
 * [3 years ago](https://wordpress.org/support/topic/vulnerable-5/#post-16575025)
 * Thanks for letting me know [@jayahn4](https://wordpress.org/support/users/jayahn4/)


 * 7 replies
 * 3 participants
 * Last reply from: [Glen Don Mongaya](https://wordpress.org/support/users/glenwpcoder/)
 * Last activity: [3 years ago](https://wordpress.org/support/topic/vulnerable-5/#post-16575025)
 * Status: resolved