Product
The Drag and Drop Multiple File Upload for Contact Form 7 WordPress plugin is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files within the 'wp-content' directory readable by the web server process.