A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution. [...]
Hackers exploit critical flaw in Ninja Forms WordPress plugin
A critical unauthenticated arbitrary file upload vulnerability in Ninja Forms File Uploads for WordPress enables Remote Code Execution (RCE) without authentication. This flaw affects users of the premium add-on and can lead to full server compromise, data theft, or website defacement.