Hackers Take Advantage of Major Vulnerability in Ninja Forms Plugin for WordPress


Critical Vulnerability Detected in Ninja Forms File Uploads Add-On

A significant security flaw has been uncovered in the Ninja Forms File Uploads premium add-on for WordPress, allowing unauthorized users to upload arbitrary files, thereby potentially enabling remote code execution.

Designated as CVE-2026-0740, this vulnerability is currently being exploited in various attacks. As reported by the cybersecurity firm Defiant, its Wordfence firewall has intercepted over 3,600 attacks within the last 24 hours alone.

Ninja Forms, a widely used WordPress form builder with more than 600,000 downloads, lets users build forms without writing code through a drag-and-drop interface. Its File Upload extension, used by approximately 90,000 customers, adds to that reach.

With a severity rating of 9.8 out of 10, CVE-2026-0740 impacts versions of Ninja Forms File Upload up to 3.3.26.

Investigations by Wordfence indicate that this flaw results from inadequate verification of file types and extensions associated with the destination filename.

Consequently, an unauthenticated attacker can upload arbitrary files, including PHP scripts, and manipulate filenames to achieve path traversal.

“The affected function fails to incorporate any file type or extension validation prior to the move operation in the compromised version,” Wordfence elaborates.

“Thus, while benign files can be uploaded, malicious entities can also introduce files with a .php extension.”

“The lack of filename sanitization allows for path traversal, which enables the file to be relocated even to the webroot directory.”

“This vulnerability permits unauthorized individuals to upload harmful PHP scripts, thereby granting remote code execution on the server.”

The implications of such exploitation are severe, potentially culminating in web shell deployment and complete site takeover.
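The two defects Wordfence describes, no extension check before the move and no filename sanitization, are illustrated below by a hardened destination-name check for a form upload. This is an added example, not the plugin's code; the function name and the extension allowlist are assumptions for illustration.

```php
<?php
// Added example (not the plugin's code): a hardened destination-name check for
// a form file upload, covering the two defects described above: no extension
// allowlist and no filename sanitization before the move. The function name
// and the allowlist are assumptions for illustration.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

/**
 * Return a safe destination path under $uploadDir for the client-supplied
 * name, or null if the upload must be rejected.
 */
function safe_upload_destination(string $clientName, string $uploadDir): ?string
{
    // Directory components in the client name are never trusted: keep only
    // the last segment, which neutralises "../" sequences and absolute paths.
    $base = basename(str_replace('\\', '/', $clientName));
    // Allowlist the final extension (lower-cased) and require a non-empty stem.
    $ext  = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    $stem = pathinfo($base, PATHINFO_FILENAME);
    if ($stem === '' || !in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }
    // Reject double extensions such as "x.php.jpg": some servers select a
    // handler by any extension in the name, not only the last one.
    if (strpos($stem, '.') !== false) {
        return null;
    }
    // Store under a server-generated name so the client never controls it.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $root = realpath($uploadDir);
    if ($root === false) {
        return null;
    }
    $dest = $root . DIRECTORY_SEPARATOR . $stored;
    // Defence in depth: the final path must still sit inside the upload root.
    if (strncmp($dest, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $dest;
}

// Constructed inputs: only the first is accepted; the other two are rejected.
$dir = sys_get_temp_dir();
var_dump(safe_upload_destination('photo.JPG', $dir) !== null);   // bool(true)
var_dump(safe_upload_destination('../../shell.php', $dir));     // NULL
var_dump(safe_upload_destination('report.php.pdf', $dir));     // NULL
```

Inside WordPress the same checks are normally delegated to `sanitize_file_name()` and `wp_check_filetype_and_ext()`; in either case, keep PHP execution disabled in the uploads directory so a file that slips through cannot run.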

Discovery and Remediation Efforts

This vulnerability was brought to light by security researcher Sélim Lanouar (whattheslime), who reported it through Wordfence’s bug bounty program on January 8.

Upon verification, Wordfence notified the vendor the same day and deployed temporary mitigations through firewall rules for its clients.

After patch review and a partial fix on February 10, a complete fix was released in version 3.3.27, available as of March 19.


In light of Wordfence’s detection of thousands of exploit attempts daily, users of Ninja Forms File Upload are strongly urged to upgrade to the latest version without delay.

Source link: Bleepingcomputer.com.


Reported By

Souvik Banerjee

I’m Souvik Banerjee from Kolkata, India. As a Marketing Manager at RS Web Solutions (RSWEBSOLS), I specialize in digital marketing, SEO, programming, web development, and eCommerce strategies. I also write tutorials and tech articles that help professionals better understand web technologies.