Lucene search
K
NinjaformsNinja Forms File Uploads

4 matches found

CVE
CVE
added 2022/03/23 7:46 p.m.88 views

CVE-2022-0889

CVE-2022-0889 concerns the WordPress plugin Ninja Forms – File Uploads Extension. Affected: Ninja Forms File Uploads Extension for WordPress; vulnerable file: ~/includes/ajax/controllers/uploads.php; root cause: missing sanitization of the filename parameter allows reflected Cross-Site Scripting....

7.2CVSS6.1AI score0.00748EPSS
Web
CVE
CVE
added 2022/03/23 7:46 p.m.79 views

CVE-2022-0888

The CVE-2022-0888 entry concerns the WordPress Ninja Forms - File Uploads Extension plugin. Affected component: uploads handling (uploads.php) in the plugin’s codebase. Root cause: insufficient input file type validation allows bypass, enabling unauthenticated attackers to upload arbitrary files....

9.8CVSS9.7AI score0.39393EPSS
Web
CVE
CVE
added 2019/05/07 5:7 p.m.71 views

CVE-2019-10869

CVE-2019-10869 affects WordPress Ninja Forms Plugin prior to version 3.0.23 (when the Uploads add-on is activated). It enables path traversal and unrestricted file upload via the uploads handling (includes/fields/upload.php, aka upload/submit page) name and tmp_name parameters, allowing an attack...

8.1CVSS8.1AI score0.13018EPSS
Web
CVE
CVE
added 2024/09/07 11:17 a.m.63 views

CVE-2024-1596

Summary of CVE-2024-1596 (Ninja Forms - File Uploads, WordPress) Root cause: Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the Ninja Forms - File Uploads plugin for WordPress. Affected versions: all up to and including 3.3.16. Impact: unauthenticated at...

7.2CVSS6.1AI score0.00403EPSS