Ninja Forms File Uploads Extension <= 3.0.22 - Unauthenticated Arbitrary File Upload

Affects Plugin

fixed in version 3.0.23

References

CVE 2019-10869
URL https://www.onvio.nl/nieuws/ninjaforms-vulnerability
URL https://ninjaforms.com/extensions/file-uploads/

Classification

Type UPLOAD
CWE CWE-434

Miscellaneous

Original Researcher Jasper Weijts, Onvio
Submitter Ryan Dewhurst
Submitter Website https://wpscan.io
Submitter Twitter ethicalhack3r
Views 6030
Verified No
WPVDB ID 9272

Timeline

Publicly Published 2019-04-11 (5 months ago)
Added 2019-05-10 (4 months ago)
Last Updated 2019-05-10 (4 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin