Vulnerability Description
Path Traversal and Unrestricted File Upload exist in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to access files and execute code via the name and tmp_name parameters of includes/fields/upload.php (aka the upload/submit page).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ninjaforms | Ninja Forms File Uploads | < 3.0.23 |
References
- https://wpvulndb.com/vulnerabilities/9272 (Third Party Advisory)
- https://www.onvio.nl/nieuws/ninjaforms-vulnerability (Exploit, Third Party Advisory)
FAQ
What is CVE-2019-10869?
CVE-2019-10869 is a vulnerability with a CVSS score of 8.1 (HIGH). Path Traversal and Unrestricted File Upload exist in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to ...
How severe is CVE-2019-10869?
CVE-2019-10869 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-10869?
Check the references section above for vendor advisories and patch information. Affected products include: Ninjaforms Ninja Forms File Uploads.