WordPress Plugin Vulnerabilities

Ninja Forms File Uploads Extension < 3.3.1 - Unauthenticated Arbitrary File Upload

Description

The plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code execution

Proof of Concept

Affects Plugins

Plugin icon
ninja-forms-uploads
Fixed in 3.3.1

References

CVE
CVE-2022-0888
URL
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0888

Classification

Type
RCE
OWASP top 10
A1: Injection
CWE
CWE-94
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Muhammad Zeeshan (Xib3rR4dAr)
Submitter
Muhammad Zeeshan (Xib3rR4dAr)
Verified
Yes
WPVDB ID
929b511b-2664-41ac-9b1b-72e6963480b0

Timeline

Publicly Published
2022-03-08 (about 4 years ago)
Added
2022-03-08 (about 4 years ago)
Last Updated
2022-04-12 (about 3 years ago)

Other

Published
Title
Published
2025-01-21
Title
GamiPress < 7.2.2 - Unauthenticated Arbitrary Shortcode Execution via gamipress_ajax_get_logs Function
Published
2014-08-01
Title
Archin 3.2 - hades_framework/option_panel/ajax.php Configuration Option Manipulation
Published
2018-12-10
Title
WooCommerce <= 3.4.5 - Authenticated Phar Deserialization
Published
2020-03-25
Title
Product Lister for Walmart <= 1.0.0 - Unauthenticated RCE via Outdated PHPUnit
Published
2017-08-26
Title
Multiple Plugins - Unauthenticated RCE via PHPUnit