3 matches found
Attackers Actively Exploiting Critical Vulnerability in Ninja Forms – File Upload Plugin
On April 6th, 2026, we publicly disclosed a critical Arbitrary File Upload vulnerability in Ninja Forms – File Upload, a WordPress plugin with an estimated 50,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to upload arbitrary files, including PHP...
WordPress plugin Ninja Forms - File Uploads 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
Ninja Forms File Uploads Extension < 3.3.1 - Unauthenticated Arbitrary File Upload
The plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code...