Lucene search
K

CVE-2026-0740

🗓️ 07 Apr 2026 04:25:58Reported by WordfenceType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 132 Views🌐 WEB

Unauthenticated arbitrary file upload in Ninja Forms File Uploads up to 3.3.26, risking remote code execution.

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for CVE-2026-0740
17 Apr 202603:32
githubexploit
GithubExploit
Mephisto
21 May 202605:06
githubexploit
GithubExploit
Exploit for CVE-2026-0740
11 May 202614:39
githubexploit
GithubExploit
Exploit for CVE-2026-0740
11 Jul 202613:27
githubexploit
GithubExploit
Exploit for CVE-2026-0740
8 Apr 202601:20
githubexploit
ATTACKERKB
CVE-2026-0740
7 Apr 202604:25
attackerkb
Circl
CVE-2026-0740
6 Apr 202617:19
circl
CNNVD
WordPress plugin Ninja Forms - File Uploads 代码问题漏洞
7 Apr 202600:00
cnnvd
Cvelist
CVE-2026-0740 Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload
7 Apr 202604:25
cvelist
Exploit DB
Ninja Forms Uploads - Unauthenticated PHP File Upload
13 May 202600:00
exploitdb
Rows per page
Vulners
Node
[
  {
    "vendor": "SaturdayDrive",
    "product": "Ninja Forms - File Uploads",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "3.3.26",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
ParameterPositionPathDescriptionCWE
actionrequest bodywp-admin/admin-ajax.phpAJAX endpoint used to obtain nonce for Ninja Forms Uploads (nf_fu_get_new_nonce)CWE-434
field_idrequest bodywp-admin/admin-ajax.phpAJAX endpoint used to obtain nonce for Ninja Forms Uploads (nf_fu_get_new_nonce)CWE-434
actionrequest bodywp-admin/admin-ajax.phpAJAX endpoint used to perform file upload via nf_fu_upload with path traversal payloadCWE-434
noncerequest bodywp-admin/admin-ajax.phpAJAX endpoint used to perform file upload via nf_fu_upload with path traversal payloadCWE-434
form_idrequest bodywp-admin/admin-ajax.phpAJAX endpoint used to perform file upload via nf_fu_upload with path traversal payloadCWE-434
field_idrequest bodywp-admin/admin-ajax.phpAJAX endpoint used to perform file upload via nf_fu_upload with path traversal payloadCWE-434
image_jpgrequest bodywp-admin/admin-ajax.phpAJAX endpoint used to perform file upload via nf_fu_upload with path traversal payloadCWE-434
files-<field_id>request bodywp-admin/admin-ajax.phpAJAX endpoint used to perform file upload via nf_fu_upload with path traversal payloadCWE-434
<filename>pathwp-content/uploads/ninja-forms/tmp/../../../../<filename>Location where uploaded files are stored after path traversal (target for potential RCE if improper validation occurs)CWE-434

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 10:11Current
6.6Medium risk
Vulners AI Score6.6
CVSS 3.19.8
EPSS0.54254
SSVC
132