Ninjaforms Ninja Forms File Uploads — known CVE vulnerabilities
Every CVE whose affected-product data names Ninjaforms Ninja Forms File Uploads, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2022-0888 — CVSS 9.8 (critical): The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type…
CVE-2019-10869 — CVSS 8.1 (high): Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is…
CVE-2022-0889 — CVSS 7.2 (high): The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of…
CVE-2024-1596 — CVSS 7.2 (high): The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. RTX file) in…