Ninja forms file uploads
This hub aggregates every CVE we track for Ninja forms file uploads, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
3
CVEs tracked
1
Critical
2
High
0
In CISA KEV
Severity distribution
HIGH2CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 3 most recently published vulnerabilities affecting Ninja forms file uploads.
- CVE-2022-0888Ninja Forms - File Uploads Extension <= 3.3.0 - Arbitrary File Upload9.8
- CVE-2022-0889Ninja Forms - File Uploads Extension <= 3.3.12 - Reflected Cross-Site Scripting7.2
- CVE-2019-10869Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system ...8.1
Product normalization is registry-driven with AI assist and human review. How it works