Ninja Forms A.I CyberSecurity Scoring
Ninja Forms
Company Information
Website:https://bit.ly/4gLLEi6
Employees number:2
Number of followers:264
NAICS:5112
Industry Type:Software Development
Homepage:bit.ly
Ninja Forms Risk Score (AI oriented)
Between 700 and 749
Ninja FormsSoftware Development
Updated:
07/04/2026
07/04/2026
747/1000
Moderate
Ba
Ninja Forms Global Score (TPRM)
xxxx
Ninja FormsSoftware Development
Score locked

Ninja FormsModerate
Current Score
747Ba (MODERATE)
01000
1 incidents
-2 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
748
JUNE 2026
747
MAY 2026
747
APRIL 2026
747
MARCH 2026
749
Vulnerability
19 Mar 2026 • Ninja Forms
Ninja Forms: 50,000 WordPress Sites Exposed to Critical Ninja Forms File Upload RCE Vulnerability
Critical Ninja Forms Plugin Flaw Exposes 50,000 WordPress Sites to Takeover
747
CRITICAL-2
NIN1775550492
Critical Ninja Forms Plugin Flaw Exposes 50,000 WordPress Sites to Takeover
A severe security vulnerability in the Ninja Forms – File Upload WordPress plugin (CVE-2026-0740) has left approximately 50,000 websites at risk of complete compromise. The flaw, rated 9.8 on the CVSS scale, was discovered by security researcher Sélim Lanouar, who earned a $2,145 bug bounty for the report.
The vulnerability is classified as an unauthenticated arbitrary file upload, allowing attackers to upload malicious files to vulnerable sites without requiring credentials. Exploitation could lead to remote code execution (RCE), giving threat actors full control over the affected web server. From there, attackers could steal sensitive data, inject malware, redirect visitors to malicious sites, or use the server as a launchpad for further attacks.
The issue stems from a flaw in the plugin’s `handle_upload()` function, which processes file submissions. While the plugin attempts to verify file types, it fails to properly sanitize filenames or validate extensions during the `move_uploaded_file()` operation. This oversight enables path traversal attacks, allowing attackers to upload malicious `.php` files such as webshells directly into a site’s root directory, bypassing security checks.
The vulnerability affects all versions of the Ninja Forms File Upload plugin up to 3.3.26. Wordfence deployed firewall protections for premium users on January 8, 2026, extending coverage to free users by February 7. The developers released a partial fix in version 3.3.25 and a complete patch in version 3.3.27 on March 19, 2026.
Due to the flaw’s ease of exploitation requiring no authentication unpatched sites remain prime targets for automated scanning tools. Administrators are urged to update to the latest version immediately to mitigate risk.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2026
749
JANUARY 2026
749
DECEMBER 2025
749
NOVEMBER 2025
749
OCTOBER 2025
749
SEPTEMBER 2025
749
AUGUST 2025
749
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Ninja Forms ??
What was Ninja Forms's A.I Rankiteo Cyber Score in June 2026 ??
What was Ninja Forms's A.I Rankiteo Cyber Score in May 2026 ??
What was Ninja Forms's A.I Rankiteo Cyber Score in April 2026 ??
What was Ninja Forms's A.I Rankiteo Cyber Score in March 2026 ??
What was Ninja Forms's A.I Rankiteo Cyber Score in February 2026 ??
What was Ninja Forms's A.I Rankiteo Cyber Score in January 2026 ??
What was Ninja Forms's A.I Rankiteo Cyber Score in December 2025 ??
What was Ninja Forms's A.I Rankiteo Cyber Score in November 2025 ??
What was Ninja Forms's A.I Rankiteo Cyber Score in October 2025 ??
What was Ninja Forms's A.I Rankiteo Cyber Score in September 2025 ??
What was Ninja Forms's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Ninja Forms's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Ninja Forms ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Ninja Forms's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?