CVE-2022-0888

Published: Mar 23, 2022Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code execution, in versions up to and including 3.3.0

Affected (1)

Products: Ninjaforms: Ninja Forms File Uploads

1 product

Ninja Forms File Uploads

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ninjaforms Ninja Forms File Uploads	Up to 3.3.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (6)

https://gist.github.com/Xib3rR4dAr/5f0accbbfdee279c68ed144da9cd8607

Source: security@wordfence.com

ExploitPatchThird Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/f00eeaef-f277-481f-9e18-bf1ced0015a0?source=cve

Source: security@wordfence.com

https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0888

Source: security@wordfence.com

Third Party Advisory

https://gist.github.com/Xib3rR4dAr/5f0accbbfdee279c68ed144da9cd8607

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/f00eeaef-f277-481f-9e18-bf1ced0015a0?source=cve

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0888

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.