=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN381
_____________________________________________________________________

DATE                : 10/04/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Ninja Forms - File Upload for
                      WordPress versions prior to Patch 3.3.28.

=====================================================================
https://ninjaforms.com/extensions/file-uploads/
_____________________________________________________________________

Changelog

3.3.28 (08 April 2026)

Security Enhancements:

    Fix injection and CSRF in uploads table
    Fix reflected XSS in OAuth2 admin


3.3.27 (16 March 2026)

Bug Fixes:

    fix cancel button clearing all form field data
    add aria-labelledby to file upload button for accessibility

Security Enhancements:

    block destination filename whitelist bypass in file upload



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




