.jpg)
.svg){kind=small}
The Forminator plugin, a popular tool used on more than 500,000 WordPress websites for creating custom forms, has been compromised due to a severe security flaw. This vulnerability allows malicious actors to execute unrestricted file uploads, posing a significant threat to affected websites.
Japan's Computer Emergency Response Team (CERT) issued an alert highlighting a critical flaw in the Forminator plugin, identified as CVE-2024-28890, with a CVSS v3 score of 9.8, indicating its severity. This vulnerability allows remote attackers to upload and execute malicious files on the servers hosting vulnerable sites, potentially leading to unauthorized data access, site alteration, or a Denial-of-Service (DoS) attack.
Alongside the critical file upload issue, two additional vulnerabilities have been identified:
Site administrators are strongly advised to update the Forminator plugin to version 1.29.3 immediately, as this version addresses these vulnerabilities. Despite the release of the update, WordPress.org statistics as of April 8, 2024, indicate that approximately 320,000 sites have yet to install this critical update, leaving them vulnerable to potential exploits.
While there are currently no public reports of these vulnerabilities being exploited, the nature of the flaws and the simplicity of exploiting them pose a significant risk to any unpatched systems. The high severity of the flaw underlines the urgent need for updates.
To safeguard WordPress installations:
For ongoing updates on this situation and more detailed guidance on maintaining robust cybersecurity hygiene, visit Peris.ai Cybersecurity. Our goal is to provide the tools and knowledge you need to defend against sophisticated cyber threats effectively. Secure your digital presence with proactive measures and stay updated with the latest in cyber defense through Peris.ai Cybersecurity - your trusted partner in cybersecurity.
Act now to update your Forminator plugin and protect your site from potential cyber threats.
.svg)
.jpg)
.jpg)
