2 matches found
CVE-2019-10869
CVE-2019-10869 affects WordPress Ninja Forms Plugin prior to version 3.0.23 (when the Uploads add-on is activated). It enables path traversal and unrestricted file upload via the uploads handling (includes/fields/upload.php, aka upload/submit page) name and tmp_name parameters, allowing an attack...
CVE-2024-1596
Summary of CVE-2024-1596 (Ninja Forms - File Uploads, WordPress) Root cause: Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the Ninja Forms - File Uploads plugin for WordPress. Affected versions: all up to and including 3.3.16. Impact: unauthenticated at...