CVE-2022-0888

9.8 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites running the Ninja Forms - File Uploads Extension plugin. The plugin does not properly validate uploaded files, so an attacker can bypass the file type checks and upload a web shell or other malicious file; where the web server executes scripts from the upload location, this leads to remote code execution. Every site with a vulnerable version of the plugin installed and active is affected.

💻 Affected Systems

Products:
  • Ninja Forms - File Uploads Extension WordPress plugin
Versions: All versions up to and including 3.3.0
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the plugin to be installed and active. No special configuration needed for exploitation.

📦 What is this software?

Ninja Forms - File Uploads Extension is a paid add-on for the Ninja Forms form builder for WordPress. It adds a file upload field to forms; uploads are handled through the site's admin-ajax.php endpoint and, by default, stored on the server by the plugin.
⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise via remote code execution, allowing attackers to install backdoors, steal data, deface websites, or use the server for further attacks.

🟠

Likely Case

Website defacement, malware distribution, credential theft, or use as part of a botnet.

🟢

If Mitigated

Upload attempts are rejected (plugin updated or deactivated, or the request blocked at the web application firewall) and no attacker-controlled file reaches the server.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available and requires minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.3.1

Vendor Advisory: https://wordpress.org/plugins/ninja-forms-uploads/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Ninja Forms - File Uploads Extension'.
4. Click 'Update Now' if available.
5. Alternatively, download version 3.3.1 or later from the vendor and replace the plugin files.

🔧 Temporary Workarounds

Disable vulnerable plugin (applies to: all)

Temporarily deactivate the Ninja Forms - File Uploads Extension plugin until it is patched.

Web Application Firewall rule (applies to: all)

Block POST requests to /wp-admin/admin-ajax.php that carry action=nf_upload together with a multipart file upload. For admin-ajax.php the action parameter is normally sent in the POST body rather than the query string, so the rule must inspect the request body, not only the URL. Confirm the exact action name against the wp_ajax_nopriv_ hook registered by the installed plugin version before relying on the rule.

🧯 If You Can't Patch

  • Deny execution of PHP (and other server-side scripts) under wp-content/uploads at the web server level (Apache/Nginx); this does not stop the upload but prevents an uploaded script from running
  • Deploy a web application firewall with a rule that inspects the POST body and blocks this exploit pattern

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for Ninja Forms - File Uploads Extension version

Check Version:

wp plugin list --name='ninja-forms-uploads' --field=version

Verify Fix Applied:

Confirm plugin version is 3.3.1 or higher in WordPress admin panel
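The version check above can be scripted. The following is an added example, not code from this page or from the plugin vendor: it reads the plugin version with the same WP-CLI command shown above and compares it numerically against the fixed version, 3.3.1. Comparing version strings lexically is a common mistake ("3.10.0" sorts before "3.3.1" as text), so the example parses the components into integers. The --path argument and the verdict wording are assumptions of the example.

```python
import re
import subprocess
from typing import Optional, Tuple

PLUGIN_SLUG = "ninja-forms-uploads"   # WordPress plugin slug used by WP-CLI
FIXED_VERSION = "3.3.1"               # first version that fixes CVE-2022-0888


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '3.3.0' (or '3.3.0-beta1') into a tuple of ints; trailing tags are ignored."""
    match = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `installed` is older than `fixed`. Pads so that '3.3' equals '3.3.0'."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def installed_version(wp_path: Optional[str] = None) -> Optional[str]:
    """Ask WP-CLI for the installed plugin version; None if the plugin is not installed.

    Runs the command given on this page (wp plugin list --name=... --field=version).
    --path is only added when the script is not run from the WordPress root
    (assumption of this example; WP-CLI accepts --path on every command).
    """
    cmd = ["wp", "plugin", "list", f"--name={PLUGIN_SLUG}", "--field=version"]
    if wp_path:
        cmd.append(f"--path={wp_path}")
    try:
        result = subprocess.run(cmd, capture_output=True, text=True, check=True)
    except FileNotFoundError as exc:
        raise RuntimeError("wp (WP-CLI) not found on PATH") from exc
    version = result.stdout.strip()
    return version or None


def check_site(wp_path: Optional[str] = None) -> str:
    """Return a one-line verdict for the WordPress install at `wp_path`."""
    version = installed_version(wp_path)
    if version is None:
        return f"{PLUGIN_SLUG}: not installed (not affected)"
    if is_vulnerable(version):
        return f"{PLUGIN_SLUG} {version}: VULNERABLE, update to {FIXED_VERSION} or later"
    return f"{PLUGIN_SLUG} {version}: patched"


if __name__ == "__main__":
    import sys
    print(check_site(sys.argv[1] if len(sys.argv) > 1 else None))
```

Run it from the WordPress root (or pass the install path as the first argument) as the same user that owns the site files, so WP-CLI can load wp-config.php.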

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests from one source to /wp-admin/admin-ajax.php with action=nf_upload (note that the action is usually in the POST body, which standard access logs do not record; a WAF or application-level log is needed to see it)
  • Files with server-executable extensions (php, phtml, phar, exe, etc.) appearing under wp-content/uploads, and subsequent requests for those files

Network Indicators:

  • Unusual file upload traffic patterns to WordPress admin endpoints

SIEM Query (only effective where the log source captures POST parameters, e.g. a WAF audit log; plain access logs carry the query string but not the body):

source="web_server_logs" AND uri="/wp-admin/admin-ajax.php" AND method="POST" AND params.action="nf_upload"
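The indicators above can be checked offline with a small script. The following is an added example, not code from this page or from the plugin vendor. It parses access logs in the Apache/Nginx combined format, counts POST requests per source IP to admin-ajax.php that carry action=nf_upload in the query string, flags requests for files with a server-executable extension under /wp-content/uploads/ (the attacker fetching the dropped file), and walks the uploads directory for such files. The sample log lines are constructed; the action name nf_upload is taken from this page and should be confirmed against the installed plugin; the extension list and the burst threshold are assumptions to adapt to the server's handler configuration.

```python
import os
import re
from collections import Counter
from typing import Dict, Iterable, List, Tuple
from urllib.parse import parse_qs, urlsplit

# Apache/Nginx "combined" format: ip ident user [time] "METHOD URI PROTO" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\S+)'
)

AJAX_PATH = "/wp-admin/admin-ajax.php"
AJAX_ACTION = "nf_upload"          # as given on this page; confirm against the plugin's wp_ajax_nopriv_ hook
UPLOADS_PREFIX = "/wp-content/uploads/"
# Extensions that should never be served from the uploads tree (assumed list; extend for your handlers)
EXEC_EXTS = (".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar", ".pht", ".exe")


def has_exec_ext(name: str) -> bool:
    """True for shell.php, shell.phtml and double-extension tricks such as shell.php.jpg."""
    lowered = name.lower()
    return any(lowered.endswith(ext) or (ext + ".") in lowered for ext in EXEC_EXTS)


def is_upload_action(uri: str) -> bool:
    """True when the request line targets admin-ajax.php with action=nf_upload in the query string.
    The action is often in the POST body instead, which access logs do not record."""
    parts = urlsplit(uri)
    if parts.path != AJAX_PATH:
        return False
    return AJAX_ACTION in parse_qs(parts.query).get("action", [])


def scan_access_log(lines: Iterable[str], threshold: int = 3) -> Dict[str, object]:
    """Return upload bursts per source IP and any requests for executable files under uploads."""
    upload_posts: Counter = Counter()
    exec_requests: List[Tuple[str, str, str]] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format (or a truncated line); skip rather than guess
        uri = m["uri"]
        path = urlsplit(uri).path
        if m["method"] == "POST" and is_upload_action(uri):
            upload_posts[m["ip"]] += 1
        elif path.startswith(UPLOADS_PREFIX) and has_exec_ext(os.path.basename(path)):
            exec_requests.append((m["ip"], path, m["status"]))
    return {
        "upload_bursts": {ip: n for ip, n in upload_posts.items() if n >= threshold},
        "executable_requests": exec_requests,
    }


def find_executable_uploads(uploads_dir: str) -> List[str]:
    """Walk wp-content/uploads on disk and list files with a server-executable extension."""
    found = []
    for root, _, files in os.walk(uploads_dir):
        for name in files:
            if has_exec_ext(name):
                found.append(os.path.join(root, name))
    return sorted(found)


# Constructed sample: a three-request burst from one IP, one legitimate-looking upload,
# a heartbeat call, and a fetch of a dropped PHP file. Not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2022:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=nf_upload HTTP/1.1" 200 512 "-" "python-requests/2.27"
203.0.113.7 - - [10/Mar/2022:12:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=nf_upload HTTP/1.1" 200 512 "-" "python-requests/2.27"
203.0.113.7 - - [10/Mar/2022:12:00:03 +0000] "POST /wp-admin/admin-ajax.php?action=nf_upload HTTP/1.1" 200 512 "-" "python-requests/2.27"
198.51.100.4 - - [10/Mar/2022:12:05:00 +0000] "POST /wp-admin/admin-ajax.php?action=nf_upload HTTP/1.1" 200 512 "https://example.com/contact/" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2022:12:05:10 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 64 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2022:12:06:00 +0000] "GET /wp-content/uploads/2022/03/shell.php HTTP/1.1" 200 1024 "-" "curl/7.81"
"""

if __name__ == "__main__":
    import sys
    source = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    report = scan_access_log(source)
    for ip, count in report["upload_bursts"].items():
        print(f"burst: {ip} sent {count} upload POSTs")
    for ip, path, status in report["executable_requests"]:
        print(f"executable under uploads requested: {ip} {path} -> {status}")
    if len(sys.argv) > 2:
        for found in find_executable_uploads(sys.argv[2]):
            print(f"executable file on disk: {found}")
```

Run it against the real access log and the uploads directory (python3 scan.py /var/log/nginx/access.log /var/www/html/wp-content/uploads). A hit in the "executable on disk" list is the strongest signal, since it does not depend on the action parameter being visible in the log.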
