VYPR

Wp Dropzone

by WordPress

Source repositories

CVEs (2)

  • CVE-2025-12775 | High | Nov 18, 2025
    risk 0.57 | cvss 8.8 | epss 0.01

    The WP Dropzone plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 1.1.0 via the `ajax_upload_handle` function. This is due to the chunked upload functionality writing files directly to the uploads directory before any…

  • CVE-2025-13989 | Medium | Dec 12, 2025
    risk 0.42 | cvss 6.4 | epss 0.00

    The WP Dropzone plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callback' shortcode attribute in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on user-supplied 'callback' attributes, which…