The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code execution, in versions up to and including 3.3.0
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2022-03-23T19:46:51

Updated: 2024-08-02T23:47:42.076Z

Reserved: 2022-03-08T00:00:00

Link: CVE-2022-0888

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-03-23T20:15:10.470

Modified: 2024-11-21T06:39:36.227

Link: CVE-2022-0888

cve-icon Redhat

No data.