CVE-2025-12775 | WP Dropzone Plugin up to 1.1.0 on WordPress ajax_upload_handle unrestricted upload

November 17, 2025 Yanac

A vulnerability was found in WP Dropzone Plugin up to 1.1.0 on WordPress. It has been rated as critical. This affects the function ajax_upload_handle. Performing manipulation results in unrestricted upload.

This vulnerability was named CVE-2025-12775. The attack may be initiated remotely. There is no available exploit.VulDB Recent EntriesRead More

CVE-2025-12524 | Post Type Switcher Plugin up to 4.0.0 on WordPress resource injection
CVE-2025-12392 | Cryptocurrency Payment Gateway for WooCommerce Plugin Status Update handle_optin_optout authorization