CVE-2026-15160: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in SaturdayDrive Ninja Forms - Excel Export
The Ninja Forms - Excel Export plugin for WordPress contains a directory traversal vulnerability in all versions up to and including 3.3.6. This vulnerability allows authenticated users with subscriber-level access or higher to write Excel files (.xls/.xlsx) to arbitrary locations on the server via the 'spreadsheet_export_tmp_name' parameter. This can potentially be used to stage further attacks. The vulnerability has a medium severity rating with a CVSS score of 4.3.
AI Analysis
Technical Summary
CVE-2026-15160 is a directory traversal vulnerability (CWE-22) in the Ninja Forms - Excel Export plugin for WordPress. It affects all versions up to and including 3.3.6. The flaw exists in the handling of the 'spreadsheet_export_tmp_name' parameter, which does not properly restrict pathname input, enabling authenticated attackers with subscriber-level privileges or higher to write .xls/.xlsx files to arbitrary server locations. This unauthorized file write capability can be leveraged to facilitate additional attacks on the affected system.
Potential Impact
Authenticated users with subscriber-level access or higher can exploit this vulnerability to write arbitrary Excel files to any location on the server. While this does not directly lead to confidentiality or availability loss, it allows integrity compromise and can be used to stage further attacks, such as code execution or privilege escalation, depending on the server environment and additional vulnerabilities.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict subscriber-level user permissions where possible and monitor for suspicious file writes related to the plugin. Avoid granting unnecessary privileges to users and consider disabling the plugin if it is not essential.
CVE-2026-15160: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in SaturdayDrive Ninja Forms - Excel Export
Description
The Ninja Forms - Excel Export plugin for WordPress contains a directory traversal vulnerability in all versions up to and including 3.3.6. This vulnerability allows authenticated users with subscriber-level access or higher to write Excel files (.xls/.xlsx) to arbitrary locations on the server via the 'spreadsheet_export_tmp_name' parameter. This can potentially be used to stage further attacks. The vulnerability has a medium severity rating with a CVSS score of 4.3.
CVSS v3.1
Score 4.3medium
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-15160 is a directory traversal vulnerability (CWE-22) in the Ninja Forms - Excel Export plugin for WordPress. It affects all versions up to and including 3.3.6. The flaw exists in the handling of the 'spreadsheet_export_tmp_name' parameter, which does not properly restrict pathname input, enabling authenticated attackers with subscriber-level privileges or higher to write .xls/.xlsx files to arbitrary server locations. This unauthorized file write capability can be leveraged to facilitate additional attacks on the affected system.
Potential Impact
Authenticated users with subscriber-level access or higher can exploit this vulnerability to write arbitrary Excel files to any location on the server. While this does not directly lead to confidentiality or availability loss, it allows integrity compromise and can be used to stage further attacks, such as code execution or privilege escalation, depending on the server environment and additional vulnerabilities.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict subscriber-level user permissions where possible and monitor for suspicious file writes related to the plugin. Avoid granting unnecessary privileges to users and consider disabling the plugin if it is not essential.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2026-07-08T20:20:17.675Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a59a5f668715ace43451fb2
Added to database: 07/17/2026, 03:48:06 UTC
Last enriched: 07/17/2026, 04:03:04 UTC
Last updated: 07/17/2026, 04:07:25 UTC
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.