VYPR

Ninja Forms - File Uploads Extension

by WordPress

CVEs (2)

  • CVE-2022-0888CriMar 23, 2022
    risk 0.67cvss 9.8epss 0.39

    The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to…

  • CVE-2022-0889HigMar 23, 2022
    risk 0.47cvss 7.2epss 0.01

    The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the ~/includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add…