← Retour aux CVEs

CVE-2022-0888

CRITICAL

9.8

Description

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code execution, in versions up to and including 3.3.0

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie3/23/2022

Derniere modification4/8/2026

Sourcenvd

Observations honeypot0

Produits affectes

ninjaforms:ninja_forms_file_uploads

Faiblesses (CWE)

CWE-434CWE-434

References

https://gist.github.com/Xib3rR4dAr/5f0accbbfdee279c68ed144da9cd8607(security@wordfence.com)

https://www.wordfence.com/threat-intel/vulnerabilities/id/f00eeaef-f277-481f-9e18-bf1ced0015a0?source=cve(security@wordfence.com)

https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0888(security@wordfence.com)

https://gist.github.com/Xib3rR4dAr/5f0accbbfdee279c68ed144da9cd8607(af854a3a-2127-422b-91ae-364da2661108)

https://www.wordfence.com/threat-intel/vulnerabilities/id/f00eeaef-f277-481f-9e18-bf1ced0015a0?source=cve(af854a3a-2127-422b-91ae-364da2661108)

https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0888(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.