2 matches found
CVE-2022-0889 Ninja Forms - File Uploads Extension <= 3.3.12 - Reflected Cross-Site Scripting
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the /includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web script...
CVE-2022-0889
CVE-2022-0889 concerns the WordPress plugin Ninja Forms – File Uploads Extension. Affected: Ninja Forms File Uploads Extension for WordPress; vulnerable file: ~/includes/ajax/controllers/uploads.php; root cause: missing sanitization of the filename parameter allows reflected Cross-Site Scripting....