Security News > 2024 > April > Critical Forminator plugin flaw impacts over 300k WordPress sites
The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server.
On Thursday, Japan's CERT published an alert on its vulnerability notes portal warning about the existence of a critical severity flaw in Forminator that may allow a remote attacker to upload malware on sites using the plugin.
Site admins using the Forminator plugin are advised to upgrade the plugin to version 1.29.3, which addresses all three flaws, as soon as possible.
Critical flaw in LayerSlider WordPress plugin impacts 1 million sites.
Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware.
Hackers exploit critical RCE flaw in Bricks WordPress site builder.