4 matches found
CVE-2022-0889
CVE-2022-0889 concerns the WordPress plugin Ninja Forms – File Uploads Extension. Affected: Ninja Forms File Uploads Extension for WordPress; vulnerable file: ~/includes/ajax/controllers/uploads.php; root cause: missing sanitization of the filename parameter allows reflected Cross-Site Scripting....
CVE-2022-0888
The CVE-2022-0888 entry concerns the WordPress Ninja Forms - File Uploads Extension plugin. Affected component: uploads handling (uploads.php) in the plugin’s codebase. Root cause: insufficient input file type validation allows bypass, enabling unauthenticated attackers to upload arbitrary files....
CVE-2019-10869
CVE-2019-10869 affects WordPress Ninja Forms Plugin prior to version 3.0.23 (when the Uploads add-on is activated). It enables path traversal and unrestricted file upload via the uploads handling (includes/fields/upload.php, aka upload/submit page) name and tmp_name parameters, allowing an attack...
CVE-2024-1596
Summary of CVE-2024-1596 (Ninja Forms - File Uploads, WordPress) Root cause: Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the Ninja Forms - File Uploads plugin for WordPress. Affected versions: all up to and including 3.3.16. Impact: unauthenticated at...