VYPR

Gf Multi Uploader

by WordPress

Source repositories

CVEs (2)

  • CVE-2025-23921CriJan 22, 2025
    risk 0.59cvss 9.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in sh1zen Multi Uploader for Gravity Forms gf-multi-uploader allows Upload a Web Shell to a Web Server.This issue affects Multi Uploader for Gravity Forms: from n/a through <= 1.1.3.

  • CVE-2025-14344CriDec 12, 2025
    risk 0.57cvss 9.8epss 0.00

    The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'plupload_ajax_delete_file' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated…