Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Ninja Forms

Ninja Forms Vendor Cyber Rating & Cyber Score

bit.ly

Ninja Forms is one of WordPress’ oldest form builders founded by the parent company, Saturday Drive. We’re committed to offering as many free, open-source tools as we can get away with to back you up including support for all users, whether you’ve made a purchase or not.


Ninja Forms A.I CyberSecurity Scoring

Ninja Forms
Company Information
Website:https://bit.ly/4gLLEi6
Employees number:2
Number of followers:264
NAICS:5112
Industry Type:Software Development
Homepage:bit.ly
Ninja Forms Risk Score (AI oriented)
Between 700 and 749
logo
Ninja FormsSoftware Development
Updated:
07/04/2026
747/1000
Moderate
Ba
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Ninja Forms Global Score (TPRM)
xxxx
logo
Ninja FormsSoftware Development
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Ninja Forms
Ninja FormsModerate
Current Score
747Ba (MODERATE)
01000
1 incidents
-2 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
748Before Incident
JUNE 2026
747Before Incident
MAY 2026
747Before Incident
APRIL 2026
747Before Incident
MARCH 2026
749Before Incident
Vulnerability
19 Mar 2026Ninja Forms
Ninja Forms: 50,000 WordPress Sites Exposed to Critical Ninja Forms File Upload RCE Vulnerability

Critical Ninja Forms Plugin Flaw Exposes 50,000 WordPress Sites to Takeover

747After Incident
CRITICAL-2
NIN1775550492
Critical Ninja Forms Plugin Flaw Exposes 50,000 WordPress Sites to Takeover A severe security vulnerability in the Ninja Forms – File Upload WordPress plugin (CVE-2026-0740) has left approximately 50,000 websites at risk of complete compromise. The flaw, rated 9.8 on the CVSS scale, was discovered by security researcher Sélim Lanouar, who earned a $2,145 bug bounty for the report. The vulnerability is classified as an unauthenticated arbitrary file upload, allowing attackers to upload malicious files to vulnerable sites without requiring credentials. Exploitation could lead to remote code execution (RCE), giving threat actors full control over the affected web server. From there, attackers could steal sensitive data, inject malware, redirect visitors to malicious sites, or use the server as a launchpad for further attacks. The issue stems from a flaw in the plugin’s `handle_upload()` function, which processes file submissions. While the plugin attempts to verify file types, it fails to properly sanitize filenames or validate extensions during the `move_uploaded_file()` operation. This oversight enables path traversal attacks, allowing attackers to upload malicious `.php` files such as webshells directly into a site’s root directory, bypassing security checks. The vulnerability affects all versions of the Ninja Forms File Upload plugin up to 3.3.26. Wordfence deployed firewall protections for premium users on January 8, 2026, extending coverage to free users by February 7. The developers released a partial fix in version 3.3.25 and a complete patch in version 3.3.27 on March 19, 2026. Due to the flaw’s ease of exploitation requiring no authentication unpatched sites remain prime targets for automated scanning tools. Administrators are urged to update to the latest version immediately to mitigate risk.
INCIDENT DETAILS -
TYPE
Vulnerability Exploitation
IMPACT
Data Compromised: Sensitive data theft possibleSystems Affected: WordPress sites using Ninja Forms – File Upload pluginOperational Impact: Full server compromise, malware injection, redirection to malicious sitesBrand Reputation Impact: Potential brand reputation damageIdentity Theft Risk: Possible if sensitive data is stolenPayment Information Risk: Possible if sensitive data is stolen
DATA BREACH
Type Of Data Compromised: Sensitive data (potential)Sensitivity Of Data: High (if exfiltrated)Data Exfiltration: PossibleFile Types Exposed: Malicious .php files (webshells)Personally Identifiable Information: Possible if sensitive data is stolen
FEBRUARY 2026
749Before Incident
JANUARY 2026
749Before Incident
DECEMBER 2025
749Before Incident
NOVEMBER 2025
749Before Incident
OCTOBER 2025
749Before Incident
SEPTEMBER 2025
749Before Incident
AUGUST 2025
749Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Ninja Forms ?
?
What was Ninja Forms's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Ninja Forms's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Ninja Forms's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Ninja Forms's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Ninja Forms's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Ninja Forms's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Ninja Forms's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Ninja Forms's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Ninja Forms's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Ninja Forms's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Ninja Forms's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Ninja Forms's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Ninja Forms ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Ninja Forms's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?