WordPress Plugin Vulnerabilities

Ninja Forms File Uploads Extension <= 3.0.22 - Unauthenticated Arbitrary File Upload

Description

The ninja-forms-uploads WordPress plugin was affected by an Unauthenticated Arbitrary File Upload security vulnerability.

Affects Plugins

Plugin icon
ninja-forms-uploads
Fixed in 3.0.23

References

CVE
CVE-2019-10869
URL
https://www.onvio.nl/nieuws/ninjaforms-vulnerability
URL
https://ninjaforms.com/extensions/file-uploads/

Miscellaneous

Original Researcher
Jasper Weijts, Onvio
Submitter
Ryan Dewhurst
Submitter website
https://wpscan.io
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
e5898e0e-db43-4641-b2cd-f6a72cdb8993

Timeline

Publicly Published
2019-04-11 (about 7 years ago)
Added
2019-05-10 (about 7 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2016-02-15
Title
Backup Guard < 1.0.3 - Authenticated Arbitrary File Upload
Published
2023-02-13
Title
WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload
Published
2023-08-28
Title
Olive One Click Demo Import <= 1.1.2 - Admin+ Arbitrary File Upload
Published
2025-10-31
Title
Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent < 1.3.33 - Unauthenticated Arbitrary File Upload
Published
2014-08-01
Title
SEM WYSIWYG - Arbitrary File Upload