Alert: PayPal ‘New Address’ Phishing Scam
The Cyber and Fraud Centre Scotland would like to alert the public to a recent phishing scam exploiting PayPal’s “New Address” feature. How the Scam…
Critical Vulnerability in Popular WordPress Plugin Forminator
A recently discovered critical vulnerability in the widely-used WordPress plugin Forminator puts hundreds of thousands of websites at risk of cyber attack. Site owners using outdated versions of the plugin are being urged to update immediately to avoid potential compromise.
What is Forminator?
Forminator is a powerful WordPress plugin developed by WPMU DEV. It allows site owners to easily build a variety of forms, including contact forms, surveys, polls, quizzes, and even payment forms. The plugin is highly popular due to its user-friendliness and extensive features.
The Vulnerability
The critical vulnerability (CVE-2024-28890) allows unauthenticated attackers to upload malicious files to a website running a vulnerable version of Forminator. This could lead to serious consequences, including:
- Website Defacement: Attackers can change the appearance and content of the website.
- Malware Distribution: The uploaded files could contain malware, infecting visitors’ computers.
- Data Theft: Attackers may gain access to sensitive information stored on the website.
- Complete Website Takeover: In some cases, attackers could gain full control over the website.
How to Protect Yourself
The developers of Forminator have promptly released a security update (version 1.29.3) to address this vulnerability, along with two other less critical flaws. Website owners using Forminator must update the plugin as soon as possible. Here’s how:
- Log in to your WordPress Dashboard.
- Go to the “Plugins” section.
- Look for Forminator and click the “Update Now” button.
Additional Security Tips:
- Minimise Plugin Use: Install only essential WordPress plugins to reduce your risk.
- Regular Updates: Always update all plugins and WordPress itself to the latest versions.
- Unused Plugins: Deactivate and delete any plugins that you no longer use.
Related Links:
Related articles
Gift Card Scams: Understanding and Preventing a Rising Trend
Gift card scams are a significant threat, with fraudsters increasingly targeting both businesses and individuals through sophisticated social engineering techniques. This article examines gift card…
Massive Brute Force Attack Targeting Networking Devices
A large-scale brute force attack is underway, using nearly 2.8 million IP addresses daily to target networking devices from Palo Alto Networks, Ivanti, and SonicWall….