CVE-2024-1596
- EPSS 3.23%
- Veröffentlicht 07.09.2024 12:15:11
- Zuletzt bearbeitet 26.09.2024 16:23:08
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. RTX file) in all versions up to, and including, 3.3.16 due to insufficient input sanitization and output escaping. This makes ...
CVE-2022-0888
- EPSS 9.3%
- Veröffentlicht 23.03.2022 20:15:10
- Zuletzt bearbeitet 21.11.2024 06:39:36
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for un...
CVE-2022-0889
- EPSS 2.02%
- Veröffentlicht 23.03.2022 20:15:10
- Zuletzt bearbeitet 21.11.2024 06:39:36
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the ~/includes/ajax/controllers/uploads.php file which can be used by unaut...
CVE-2019-10869
- EPSS 48%
- Veröffentlicht 07.05.2019 18:29:01
- Zuletzt bearbeitet 21.11.2024 04:20:00
Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to access files and execute code via the includes/fie...