High severity8.1NVD Advisory· Published May 7, 2019· Updated Jun 17, 2026
CVE-2019-10869
CVE-2019-10869
Description
Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to access files and execute code via the includes/fields/upload.php (aka upload/submit page) name and tmp_name parameters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Ninja Formsdescription
Patches
Vulnerability mechanics
References
2- www.onvio.nl/nieuws/ninjaforms-vulnerabilitynvdExploitThird Party Advisory
- wpvulndb.com/vulnerabilities/9272nvdThird Party Advisory
News mentions
0No linked articles in our index yet.