WordPress Ninja Forms-File Uploads Extension Plugin Arbitrary File Uploads Vulnerability

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin for WordPress. WordPress Ninja Forms - File Uploads Extension Plugin...

WordPress Ninja Forms-File Uploads Extension Plugin Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin for WordPress. WordPress Ninja Forms - File Uploads Extension Plugin...

CVE-2022-0888

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious file...

CVE-2022-0889

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the /includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web script...

CVE-2022-0889

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the /includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web script...

CVE-2022-0888

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious file...

Cross site scripting

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the /includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web script...

Input validation

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious file...

CVE-2022-0888 Ninja Forms - File Uploads Extension <= 3.3.0 - Arbitrary File Upload

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious file...

EUVD-2022-15924

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious file...

CVE-2022-0888

The CVE-2022-0888 entry concerns the WordPress Ninja Forms - File Uploads Extension plugin. Affected component: uploads handling (uploads.php) in the plugin’s codebase. Root cause: insufficient input file type validation allows bypass, enabling unauthenticated attackers to upload arbitrary files....

CVE-2022-0889 Ninja Forms - File Uploads Extension <= 3.3.12 - Reflected Cross-Site Scripting

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the /includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web script...

CVE-2022-0889

CVE-2022-0889 concerns the WordPress plugin Ninja Forms – File Uploads Extension. Affected: Ninja Forms File Uploads Extension for WordPress; vulnerable file: ~/includes/ajax/controllers/uploads.php; root cause: missing sanitization of the filename parameter allows reflected Cross-Site Scripting....

WordPress plugin Ninja Forms - File Uploads Extension 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin for WordPress. WordPress Ninja Forms - File Uploads Extension Plugin...

PT-2022-13504 · WordPress · Ninja Forms - File Uploads Extension

Name of the Vulnerable Software and Affected Versions: Ninja Forms - File Uploads Extension WordPress plugin versions up to and including 3.3.12 Description: The issue is related to reflected cross-site scripting due to missing sanitization of the filename parameter found in the...

PT-2022-13503 · WordPress · Ninja Forms - File Uploads Extension

Name of the Vulnerable Software and Affected Versions: Ninja Forms - File Uploads Extension WordPress plugin versions up to and including 3.3.0 Description: The issue is related to insufficient input file type validation found in the /includes/ajax/controllers/uploads.php file, which can be...

WordPress plugin Ninja Forms - File Uploads Extension 代码问题漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin for WordPress. WordPress Ninja Forms - File Uploads Extension Plugin...

WordPress Ninja Forms plugin <= 3.6.7 - Unauthenticated Email Address Disclosure vulnerability

Unauthenticated Email Address Disclosure vulnerability discovered by Agence Web Coheractio in WordPress Ninja Forms plugin versions = 3.6.7. Solution Update the WordPress Ninja Forms plugin to the latest available version at least 3.6.8...

Ninja Forms < 3.6.8 - Unauthenticated Email Address Disclosure

The plugin does not delete the temporary files created when exporting submissions, which could allow unauthenticated attackers to download them and get sensitive information such as the email address of users who submitted a form given that the file is publicly accessible, and with a guessable na...

Ninja Forms < 3.6.8 - Unauthenticated Email Address Disclosure

The plugin does not delete the temporary files created when exporting submissions, which could allow unauthenticated attackers to download them and get sensitive information such as the email address of users who submitted a form given that the file is publicly accessible, and with a guessable na...