CRITICALVulnerability
Global

Hackers exploit critical flaw in Ninja Forms WordPress plugin

Tuesday, April 7, 2026 at 10:03 PM UTC·Source: BleepingComputer

Updated: Tuesday, April 7, 2026 at 10:04 PM UTC

Executive Summary

A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution. [...]

Analysis

A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution. [...]
Source Attribution

Originally published by BleepingComputer on Apr 7, 2026.

Related Threats

LOWVulnerabilityNEW

Paysend raises $25 million

UK-based international money transfer firm Paysend has secured a $25 million follow-on investment from Claret Capital Partners.

Finextra
LOWVulnerability

FBI, Pentagon warn of Iran hacking groups targeting operational technology

The advisory said Iranian actors are targeting local municipal governments, water and wastewater systems and the energy sector.

The Record
MEDIUMVulnerability

Grafana Patches AI Bug That Could Have Leaked User Data

By hiding malicious instructions on an attacker-controlled Web page, AI could ingest orders as benign and return sensitive data to the attacker's server.

Dark Reading