Attackers Actively Exploiting Critical Vulnerability in Ninja Forms – File Upload Plugin

On April 6th, 2026, we publicly disclosed a critical Arbitrary File Upload vulnerability in Ninja Forms – File Upload, a WordPress plugin with an estimated 50,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to upload arbitrary files, including PHP backdoors, and achieve remote code execution.

The post Attackers Actively Exploiting Critical Vulnerability in Ninja Forms – File Upload Plugin appeared first on Wordfence.