Ninja Forms – File Upload Plugin patch release (version 3.3.27)
Security Patch Release
Summary
Ninja Forms – File Upload Plugin received a complete patch in version 3.3.27 after a partial fix on February 10, closing a critical upload flaw that left thousands of WordPress sites at risk. The release matters because the bug allowed unauthenticated file uploads that could lead to remote code execution. Site owners were told to update immediately to the fixed version.
Related Happenings
Avada Builder 3.15.3 patch release (CVE-2026-4782, CVE-2026-4798)
Security Patch Release
First: 15.05.2026 18:56
Last: 15.05.2026 18:56
Sources 1
About this happening:
**Avada Builder** shipped **version 3.15.3** as the full fix for **CVE-2026-4782** and **CVE-2026-4798**, closing the plugin flaws that could expose files and database data. A pri...
WordPress.org closes compromised EssentialPlugin plugins with forced update
Security Tool/Service
First: 15.04.2026 23:33
Last: 15.04.2026 23:33
Sources 1
About this happening:
**WordPress.org** closed the compromised **EssentialPlugin** plugins and forced an update, changing how affected sites received and ran the package. The move mattered because the...
Elementor Ally 4.1.0 security patch release (CVE-2026-2313)
Security Patch Release
First: 11.03.2026 21:38
Last: 11.03.2026 21:38
Sources 1
About this happening:
**Elementor** released **Ally 4.1.0** to fix **CVE-2026-2313**, a **SQL injection** flaw in the WordPress accessibility plugin that could expose **sensitive data**. The update lan...
WPEverest security patch release for CVE-2026-1492
Security Patch Release
First: 05.03.2026 20:44
Last: 05.03.2026 20:44
Sources 1
About this happening:
**WPEverest** released fixes for **CVE-2026-1492** in the **User Registration & Membership** plugin, a critical update for sites running vulnerable versions. The patch matters bec...
Anti-Malware Security and Brute-Force Firewall plugin for WordPress patch release (CVE-2025-11705)
Security Patch Release
First: 29.10.2025 22:44
Last: 29.10.2025 22:44
Sources 1
About this happening:
On **October 15**, **Eli** released **version 4.23.83** of the **Anti-Malware Security and Brute-Force Firewall plugin for WordPress**, closing **CVE-2025-11705** in sites running...
Timeline
-
08.04.2026 18:10 1 article · 1mo ago
Ninja Forms developer issues partial fix for file upload flaw
Mitigation Patch Update
The Ninja Forms – File Upload Plugin developer issued a partial fix on February 10, 2026 for the arbitrary file upload flaw affecting plugin versions up to 3.3.26. The vulnerability had enabled unauthenticated attackers to upload malicious files, including .php payloads, and potentially reach remote code execution on WordPress sites.
Sources:
- Critical Vulnerability in Ninja Forms Exposes WordPress Sites — www.infosecurity-magazine.com — 08.04.2026 18:10
-
08.04.2026 18:10 2 articles · 1mo ago
Ninja Forms releases version 3.3.27 with complete patch
Mitigation Patch Update
The Ninja Forms – File Upload Plugin developer released version 3.3.27 on March 19, 2026 with a complete patch for the arbitrary file upload vulnerability and advised users to update immediately. The fix closed the path that had allowed unauthenticated file uploads and potential remote code execution on affected WordPress sites.
Sources:
- Critical Vulnerability in Ninja Forms Exposes WordPress Sites — www.infosecurity-magazine.com — 08.04.2026 18:10
- Critical Vulnerability in Ninja Forms Exposes WordPress Sites — www.infosecurity-magazine.com — 08.04.2026 18:10
-
08.01.2026 02:00 1 article · 4mo ago
Sélim Lanouar reports critical Ninja Forms file upload flaw
Initial Disclosure
Sélim Lanouar, known as whattheslime, reported a critical arbitrary file upload vulnerability in Ninja Forms – File Upload Plugin through the Wordfence Bug Bounty Program, and Wordfence validated the report and confirmed a proof-of-concept exploit. The flaw affected plugin versions up to 3.3.26 on WordPress sites and could allow unauthenticated attackers to upload malicious files for remote code execution.
Sources:
- Critical Vulnerability in Ninja Forms Exposes WordPress Sites — www.infosecurity-magazine.com — 08.04.2026 18:10