911 matches found
Ninja Forms File Uploads <= 3.3.26 - Arbitrary File Upload
Ninja Forms File Uploads plugin for WordPress versions up to and including 3.3.26 is vulnerable to unauthenticated arbitrary file upload which could lead to remote code execution. id: CVE-2026-0740 info: name: Ninja Forms File Uploads = 3.3.26 - Arbitrary File Upload author: whattheslime severity...
WordPress Ninja Forms <3.3.18 - Cross-Site Scripting
WordPress Ninja Forms plugin before 3.3.18 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in includes/Admin/Menus/Submissions.php via the begindate, enddate, or formid parameters. This can allow an attacker to steal cookie-based authentication credentials a...
WordPress Ninja Forms <3.4.34 - Open Redirect
WordPress Ninja Forms plugin before 3.4.34 contains an open redirect vulnerability via the wpajaxnfoauthconnect AJAX action, due to the use of a user-supplied redirect parameter and no protection in place. An attacker can redirect a user to a malicious site and possibly obtain sensitive...
Ninja Forms 3.8.6-3.8.10 - Cross-Site Scripting
The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin id: CVE-2024-7354 info: name: Ninja Forms 3.8.6-3.8.10 - Cross-Site Scripting...
WordPress Ninja Forms Views – Display & Edit Ninja Forms Submissions on your site frontend plugin <= 3.3.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by dodoh4t in WordPress Plugin Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend versions = 3.3.2...
Ninja Forms Uploads - Unauthenticated PHP File Upload
Exploit Title: Ninja Forms Uploads - Unauthenticated PHP File Upload Date: 2026-04-09 Exploit Author: Sélim Lanouar @whattheslime Vendor Homepage: https://ninjaforms.com/ Software Link: https://ninjaforms.com/extensions/file-uploads/ Version: 3.3.24 Tested on: WordPress 6.9.3 on Apache and Nginx...
EUVD-2026-29450
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...
CVE-2026-42741
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...
CVE-2026-42741
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views - Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views - Display & Edit Ninja...
CVE-2026-42741 WordPress Ninja Forms Views – Display & Edit Ninja Forms Submissions on your site frontend plugin <= 3.3.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...
CVE-2026-42741
Technical details about CVE-2026-42741 are not publicly available in the provided documents; monitor for updates.
CVE-2026-42741 WordPress Ninja Forms Views – Display & Edit Ninja Forms Submissions on your site frontend plugin <= 3.3.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...
WordPress plugin Ninja Forms Views SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-40008
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...
📄 WordPress Ninja Forms - File Uploads 3.3.26 Shell Upload / Traversal
WordPress Ninja Forms - File Uploads plugin versions 3.3.26 and below arbitrary file upload exploit. !/usr/bin/env python3 """ Ninja Forms Upload - CVE-2026-0740 Author : Xenon1337 """ from future import annotations import pathlib import random import sys import re from datetime import datetime...
Exploit for CVE-2026-0740
CVE-2026-0740 🧩 Overview CVE-2026-0740 is an un...
Attackers Actively Exploiting Critical Vulnerability in Ninja Forms – File Upload Plugin
On April 6th, 2026, we publicly disclosed a critical Arbitrary File Upload vulnerability in Ninja Forms – File Upload, a WordPress plugin with an estimated 50,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to upload arbitrary files, including PHP...
CVE-2026-0740
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NFFUAJAXControllersUploads::handleupload' function in all versions up to, and including, 3.3.26. This makes it possible for unauthenticated attackers to upload...
Exploit for CVE-2026-0740
CVE-2026-0740 : Ninja Forms - File Upload = 3.3.26 Unauthenti...
WordPress Ninja Forms - File Upload plugin <= 3.3.26 - Unauthenticated Arbitrary File Upload vulnerability
WordPress Ninja Forms - File Upload plugin = 3.3.26 - Unauthenticated Arbitrary File Upload vulnerability discovered by Sélim Lanouar whattheslime in WordPress Plugin Ninja Forms File Uploads Extension versions = 3.3.26...