Ninjaforms - Ninja Forms File Uploads CVE

Filtered by vendor Ninjaforms Subscribe

Filtered by product Ninja Forms File Uploads

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-0889	1 Ninjaforms	1 Ninja Forms File Uploads	2024-01-11	4.3 MEDIUM	6.1 MEDIUM
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the ~/includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web scripts to vulnerable WordPress sites, in versions up to and including 3.3.12.

Vulnerabilities (CVE)