CVE-2026-5710 | glenwpcoder Drag and Drop Multiple File Upload for Contact Form 7 Plugin Email Attachment dnd_wpcf7_posted_data path traversal

A vulnerability marked as critical has been reported in glenwpcoder Drag and Drop Multiple File Upload for Contact Form 7 Plugin up to 1.3.9.6 on WordPress. The affected element is the function dnd_wpcf7_posted_data of the component Email Attachment Handler. Performing a manipulation of the argument mfile[] results in path traversal.

This vulnerability is cataloged as CVE-2026-5710. It is possible to initiate the attack remotely. There is no exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More