A vulnerability, which was classified as problematic , has been found in Glen Don Mongaya Drag and Drop Multiple File Upload Plugin up to 1.3.9.7 on WordPress. Affected by this vulnerability is an unknown functionality. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2026-49055 . It is possible to initiate the attack remotely. There is no exploit available.