The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code execution, in versions up to and including 3.3.0
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2022-03-23T19:46:51
Updated: 2024-08-02T23:47:42.076Z
Reserved: 2022-03-08T00:00:00
Link: CVE-2022-0888
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-03-23T20:15:10.470
Modified: 2024-11-21T06:39:36.227
Link: CVE-2022-0888
Redhat
No data.