VYPR

Multi Uploader for Gravity Forms

by WordPress

CVEs (2)

  • CVE-2025-23921CriJan 22, 2025
    risk 0.59cvss 9.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in sh1zen Multi Uploader for Gravity Forms gf-multi-uploader allows Upload a Web Shell to a Web Server.This issue affects Multi Uploader for Gravity Forms: from n/a through <= 1.1.3.

  • CVE-2025-14344CriDec 12, 2025
    risk 0.57cvss 9.8epss 0.00

    The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'plupload_ajax_delete_file' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated…