Pentest reveals vulnerabilities in WordPress plugin Ninja Forms <= 3.0.22
During a recent pentest for one of our clients, we discovered path traversal and unrestricted file upload vulnerabilities in the WordPress plugin Ninja Forms with its File Upload extension (v3.0.22) enabled. These ultimately allow an unauthenticated attacker to traverse the file system to access files and execute code via the includes/fields/upload.php (aka upload/submit page) name…