Ninja Forms File Upload arbitrary file upload RCE (CVE-2026-0740)
Vulnerability
Summary
CVE-2026-0740 is an actively exploited unauthenticated arbitrary file upload flaw in Ninja Forms File Upload that can lead to remote code execution and site takeover. The issue affects versions up to 3.3.26, expanding risk for WordPress sites using the premium add-on. Wordfence says it blocked more than 3,600 attacks in the past 24 hours, showing ongoing abuse. A complete fix is available in 3.3.27, making upgrade the urgent remediation path.
Related Happenings
CISA KEV listing for Wing FTP CVE-2025-47813
Public Sector Action
First: 17.03.2026 07:23
Last: 17.03.2026 07:23
Sources 1
About this happening:
CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...
Gladinet CentreStack and Triofox workaround for CVE-2025-11371
Advisory/Mitigation
First: 10.10.2025 22:08
Last: 10.10.2025 22:08
Sources 1
About this happening:
**CentreStack** and **Triofox** are affected by **CVE-2025-11371**, a **local file inclusion zero-day** that threat actors have **abused since late September** to read **Web.confi...
Service Finder WordPress theme active auth bypass exploitation wave (CVE-2025-5947)
Exploitation Wave
First: 08.10.2025 18:57
Last: 08.10.2025 18:57
Sources 1
About this happening:
**CVE-2025-5947** is being exploited at scale against the **Service Finder WordPress theme**, with attackers using an authentication bypass to log in as administrators and take ov...
Timeline
- 08.04.2026 01:03 2 articles · 1mo ago
Sélim Lanouar reports CVE-2026-0740 to Wordfence
Initial Disclosure
Security researcher Sélim Lanouar (whattheslime) submits CVE-2026-0740 to Wordfence’s bug bounty program on January 8, and Wordfence validates the flaw, discloses full details to the vendor, and pushes temporary firewall mitigations to customers. The weakness in Ninja Forms File Upload allows unauthenticated arbitrary file upload and can lead to remote code execution.
Sources:
- Hackers exploit critical flaw in Ninja Forms WordPress plugin — www.bleepingcomputer.com — 08.04.2026 01:03
- Critical Vulnerability in Ninja Forms Exposes WordPress Sites — www.infosecurity-magazine.com — 08.04.2026 18:10
- 08.04.2026 01:03 1 articles · 1mo ago
Vendor issues a partial fix for Ninja Forms File Upload
Mitigation Patch Update
After patch reviews, the vendor releases a partial fix for the Ninja Forms File Upload vulnerability on February 10, reducing exposure before the later complete release. The flaw affects versions up to 3.3.26 and involves unsafe file type and filename handling.
Sources:
- Hackers exploit critical flaw in Ninja Forms WordPress plugin — www.bleepingcomputer.com — 08.04.2026 01:03
- 08.04.2026 01:03 1 articles · 1mo ago
Vendor releases the complete fix in Ninja Forms File Upload 3.3.27
Mitigation Patch Update
The vendor releases the complete fix for CVE-2026-0740 in Ninja Forms File Upload version 3.3.27 on March 19, closing the arbitrary file upload and path traversal weakness that could enable remote code execution.
Sources:
- Hackers exploit critical flaw in Ninja Forms WordPress plugin — www.bleepingcomputer.com — 08.04.2026 01:03
- 08.04.2026 01:03 1 articles · 1mo ago
Wordfence reports active exploitation of CVE-2026-0740
Exploitation Observed
Wordfence reports that CVE-2026-0740 is currently being exploited in attacks against Ninja Forms File Upload, and that the Wordfence firewall blocked more than 3,600 attacks over the previous 24 hours as of April 7. The flaw stems from missing validation of file type and extension on the destination filename, no filename sanitization, and path traversal, which together can let unauthenticated attackers upload malicious PHP code and trigger remote code execution.
Sources:
- Hackers exploit critical flaw in Ninja Forms WordPress plugin — www.bleepingcomputer.com — 08.04.2026 01:03