Hackers Exploit Critical Flaw in Ninja Forms WordPress Plugin

Hackers are actively exploiting a critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress, which allows unauthenticated arbitrary file uploads leading to remote code execution. The flaw affects the plugin’s file upload functionality, enabling attackers to bypass security controls without requiring authentication. No specific CVE ID, exploitation timeline, or affected version numbers were disclosed in the report. The impact includes potential full compromise of vulnerable WordPress sites through malicious file execution. The vulnerability was highlighted in a security notice, though no patch release date or mitigation steps were provided.