Ninja Forms File Uploads Extension <= 3.0.22 - Unauthenticated Arbitrary File Upload

Affects Plugin

fixed in version 3.0.23

References

CVE 2019-10869
URL https://www.onvio.nl/nieuws/ninjaforms-vulnerability
URL https://ninjaforms.com/extensions/file-uploads/

Classification

Type UPLOAD
CWE CWE-434

Miscellaneous

Original Researcher Jasper Weijts, Onvio
Submitter Ryan Dewhurst
Submitter Website https://wpscan.io
Submitter Twitter ethicalhack3r
Views 2068
Verified No
WPVDB ID 9272

Timeline

Publicly Published 2019-04-11 (about 1 month ago)
Added 2019-05-10 (10 days ago)
Last Updated 2019-05-10 (10 days ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.