CVE-2025-14457 — LOW (3.7) — White Hats Nepal

Q: How severe is CVE-2025-14457?

CVE-2025-14457 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-14457?

Check the references section above for vendor advisories and patch information. Affected products include: Codedropz Contact Form 7.

Vulnerability Description

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing ownership check in the dnd_codedropz_upload_delete() function in all versions up to, and including, 1.3.9.2. This makes it possible for unauthenticated attackers to delete arbitrary uploaded files when the "Send attachments as links" setting is enabled.

CVSS Score

3.7

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Codedropz	Contact Form 7	<= 1.3.9.2

Related Weaknesses (CWE)

CWE-862

References

FAQ

What is CVE-2025-14457?

CVE-2025-14457 is a vulnerability with a CVSS score of 3.7 (LOW). The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing ownership check in the dnd_codedropz_upload_delete() ...

How severe is CVE-2025-14457?

CVE-2025-14457 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-14457?

Check the references section above for vendor advisories and patch information. Affected products include: Codedropz Contact Form 7.