Critical severity9.8NVD Advisory· Published Mar 23, 2022· Updated Apr 8, 2026
CVE-2022-0888
CVE-2022-0888
Description
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code execution, in versions up to and including 3.3.0
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:ninjaforms:ninja_forms_file_uploads:*:*:*:*:*:wordpress:*:*Range: <=3.3.0
- Range: <=3.3.0
Patches
Vulnerability mechanics
References
3- gist.github.com/Xib3rR4dAr/5f0accbbfdee279c68ed144da9cd8607nvdExploitPatchThird Party Advisory
- www.wordfence.com/vulnerability-advisories/nvdThird Party Advisory
- www.wordfence.com/threat-intel/vulnerabilities/id/f00eeaef-f277-481f-9e18-bf1ced0015a0nvd
News mentions
0No linked articles in our index yet.