Ninja Forms File Uploads plugin for WordPress <= 3.3.26
Summary
This vulnerability stems from missing file type validation in the upload handler of the Ninja Forms File Uploads WordPress plugin. It allows unauthenticated remote attackers to upload arbitrary files to the affected web server. This can lead to full remote code execution on the target host.
Remediation
Update the Ninja Forms File Uploads plugin to version 3.3.27 or later immediately. Until the update can be applied, block unauthenticated access to the plugin's upload endpoint via a web application firewall.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.