Bleeping Computer

Forminator plugin flaw exposes WordPress sites to takeover attacks

The Forminator plugin for WordPress is vulnerable to an unauthenticated arbitrary file deletion flaw that could enable full site takeover attacks. The security issue is tracked as CVE-2025-6463 and ...
Bleeping Computer

Critical Forminator plugin flaw impacts over 300k WordPress sites

The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server. Forminator by WPMU DEV is a custom ...
Searchenginejournal.com

Forminator WordPress Plugin Vulnerability Affects Up To 400,000+ Websites

The U.S. Government National Vulnerability Database (NVD) published notice of a critical vulnerability affecting the Forminator WordPress Contact Form plugin up to an including version 1.24.6.
Infosecurity-magazine.com

WordPress Plugin Flaw Exposes 600,000 Sites to File Deletion

A severe vulnerability in the widely used Forminator WordPress plugin has been disclosed, exposing websites to the risk of arbitrary file deletion and potential site takeover. The flaw, which affects ...
TechRadar

Another top WordPress plugin hacked to allow account takeover - stay safe with these tips

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Experts find a way to trick Forminator into deleting a core WordPress file This process would ...
heise online

600,000 WordPress instances can be exploited to a breach in Forminator plug-in

The function “entry_delete_upload_files” does not sufficiently check passed path information. Unregistered malicious actors can specify arbitrary file paths in a form submission, the file is then ...
TechRadar

A critical security flaw could affect thousands of WordPress sites

Hundreds of thousands of WordPress websites are vulnerable to a critical severity flaw which allows threat actors to upload malware to the site through a bug in a plugin. As reported by ...