CVE-2019-10869
moderate-risk
Published 2019-05-07
Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to access files and execute code via the includes/fields/upload.php (aka upload/submit page) name and tmp_name parameters.
Do I need to act?
!
48.0% chance of exploitation in next 30 days
EPSS score — higher than 52% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10
High
NETWORK
/ HIGH complexity
Affected Products (1)
Ninja Forms File Uploads
Affected Vendors
References (4)
Third Party Advisory
https://wpvulndb.com/vulnerabilities/9272
Third Party Advisory
https://wpvulndb.com/vulnerabilities/9272
47
/ 100
moderate-risk
Severity
24/34 · High
Exploitability
18/34 · Moderate
Exposure
5/34 · Minimal