A vulnerability has been found in glenwpcoder Drag and Drop Multiple File Upload for Contact Form 7 Plugin up to 1.3.9.7 on WordPress and classified as problematic . The impacted element is an unknown function of the component Setting Handler . Performing a manipulation of the argument drag_n_drop_text/drag_n_drop_browse_text results in cross site scripting. This vulnerability is reported as CVE-2026-8991 . The attack is possible to be carried out remotely. No exploit exists. The affected compon