Jasper Weijts

**Name of the Vulnerable Software and Affected Versions** Ninja Forms plugin versions prior to 3.0.23 **Description** The issue allows an attacker to traverse the file system and access files, as well as execute code. This is achieved through the `includes/fields/upload.php` page, specifically via the `name` and `tmp name` parameters. **Recommendations** For versions prior to 3.0.23, update to version 3.0.23 or later to resolve the issue. As a temporary workaround, consider disabling the Uploads add-on until the update is applied. Restrict access to the `includes/fields/upload.php` page to minimize the risk of exploitation. Avoid using the `name` and `tmp name` parameters in the affected upload/submit page until the issue is resolved.