vulnerable

Hi @m4declare1 ,

The vulnerability issue has been fixed both in Free and Pro version.

As you can see it here – https://wpscan.com/plugin/drag-n-drop-upload-cf7-pro

Patched Link – https://patchstack.com/database/vulnerability/drag-and-drop-multiple-file-upload-contact-form-7/wordpress-drag-and-drop-multiple-file-upload-pro-contact-form-7-standard-plugin-2-11-0-reflected-cross-site-scripting-vulnerability?_a_id=110

Please let me know.

• This reply was modified 1 year, 8 months ago by James Huff.
• This reply was modified 1 year, 8 months ago by Glen Don Mongaya.
• This reply was modified 1 year, 8 months ago by Yui.

Please update to version 2.11.1.

You can manually update the plugin by going to Dashboard -> Updates click “Check again” button multiple times until the new updates/version will show up.

@glenwpcoder

Hi Glen,

I’m having the same issue. ManageWP is flagging the plugin as vulnerable below version 2.11.0, but the latest version for this plugin is 1.3.6.7, which I have already updated to. Also downloaded manually from here and uploaded, but still vulnerable.

Hello @m4declare1 ,

If you are updated to version 1.3.6.7 you are safe and ignore the message.

The issue is related to pro version < 2.11.0 I’m not sure if their database is updated, it’s on their end maybe they will need to double check or update the status of the issue.

They will probably notify all the customers (in general) whether using pro or free version as some of them using Our pro version.

Thank You.

Great news @glenwpcoder

ManageWP seems to have fixed this and now the plugin isn’t flagged as vulnerable anymore. Thank you!

Thanks for letting me know @jayahn4