CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

Patchstack•added 2026/04/07 10:29 a.m.•7 views

WordPress Ninja Forms - File Upload plugin <= 3.3.26 - Unauthenticated Arbitrary File Upload vulnerability

WordPress Ninja Forms - File Upload plugin = 3.3.26 - Unauthenticated Arbitrary File Upload vulnerability discovered by Sélim Lanouar whattheslime in WordPress Plugin Ninja Forms File Uploads Extension versions = 3.3.26...

9.8CVSS5.9AI score0.54254EPSS

Exploits6References1Affected Software1

Patchstack•added 2024/09/09 12:43 a.m.•4 views

WordPress Ninja Forms File Uploads plugin <= 3.3.16 - Unauthenticated Stored Cross-Site Scripting via File Upload vulnerability

Unauthenticated Stored Cross-Site Scripting via File Upload vulnerability discovered by wesley wcraft in WordPress Plugin Ninja Forms File Uploads Extension versions = 3.3.16...

7.2CVSS5.8AI score0.00403EPSS

Exploits0References1Affected Software1

OSV•added 2022/03/23 8:15 p.m.•3 views

CVE-2022-0889

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the /includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web script...

6.1CVSS5.6AI score0.00748EPSS

Exploits0References2

OSV•added 2022/03/23 8:15 p.m.•3 views

CVE-2022-0888

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious file...

9.8CVSS6AI score0.39393EPSS

Exploits2References3

CVE•added 2022/03/23 7:46 p.m.•85 views

CVE-2022-0889

CVE-2022-0889 concerns the WordPress plugin Ninja Forms – File Uploads Extension. Affected: Ninja Forms File Uploads Extension for WordPress; vulnerable file: ~/includes/ajax/controllers/uploads.php; root cause: missing sanitization of the filename parameter allows reflected Cross-Site Scripting....

7.2CVSS6.1AI score0.00748EPSS

Exploits0References2Affected Software1

CNNVD•added 2022/03/23 12:0 a.m.•6 views

WordPress plugin Ninja Forms - File Uploads Extension 代码问题漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin for WordPress. WordPress Ninja Forms - File Uploads Extension Plugin...

9.8CVSS6.1AI score0.39393EPSS

Exploits2References3

Positive Technologies•added 2022/03/23 12:0 a.m.•4 views

PT-2022-13504 · WordPress · Ninja Forms - File Uploads Extension

Name of the Vulnerable Software and Affected Versions: Ninja Forms - File Uploads Extension WordPress plugin versions up to and including 3.3.12 Description: The issue is related to reflected cross-site scripting due to missing sanitization of the filename parameter found in the...

7.2CVSS6.1AI score0.00748EPSS

Exploits0References5

Positive Technologies•added 2022/03/23 12:0 a.m.•4 views

PT-2022-13503 · WordPress · Ninja Forms - File Uploads Extension

Name of the Vulnerable Software and Affected Versions: Ninja Forms - File Uploads Extension WordPress plugin versions up to and including 3.3.0 Description: The issue is related to insufficient input file type validation found in the /includes/ajax/controllers/uploads.php file, which can be...

9.8CVSS9.6AI score0.39393EPSS

Exploits2References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by