CVE-2026-8991 | glenwpcoder Drag and Drop Multiple File Upload for Contact Form 7 Plugin Setting cross site scripting

A vulnerability has been found in glenwpcoder Drag and Drop Multiple File Upload for Contact Form 7 Plugin up to 1.3.9.7 on WordPress and classified as problematic. The impacted element is an unknown function of the component Setting Handler. Performing a manipulation of the argument drag_n_drop_text/drag_n_drop_browse_text results in cross site scripting.

This vulnerability is reported as CVE-2026-8991. The attack is possible to be carried out remotely. No exploit exists.

The affected component should be upgraded.VulDB Recent EntriesRead More