
A recently discovered critical vulnerability in the widely-used WordPress plugin Forminator puts hundreds of thousands of websites at risk of cyber attack. Site owners using outdated versions of the plugin are being urged to update immediately to avoid potential compromise.

What is Forminator?

Forminator is a powerful WordPress plugin developed by WPMU DEV. It allows site owners to easily build a variety of forms, including contact forms, surveys, polls, quizzes, and even payment forms. The plugin is highly popular due to its user-friendliness and extensive features.

The Vulnerability

The critical vulnerability (CVE-2024-28890) allows unauthenticated attackers to upload malicious files to a website running a vulnerable version of Forminator. This could lead to serious consequences, including:

  • Website Defacement: Attackers can change the appearance and content of the website.
  • Malware Distribution: The uploaded files could contain malware, infecting visitors’ computers.
  • Data Theft: Attackers may gain access to sensitive information stored on the website.
  • Complete Website Takeover: In some cases, attackers could gain full control over the website.

How to Protect Yourself

The developers of Forminator have promptly released a security update (version 1.29.3) to address this vulnerability, along with two other less critical flaws. Website owners using Forminator must update the plugin as soon as possible. Here’s how:

  1. Log in to your WordPress Dashboard.
  2. Go to the “Plugins” section.
  3. Look for Forminator and click the “Update Now” button.
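
The same check and update from the command line, for administrators who manage several sites. This is an added example, not part of the original article or the plugin's own tooling. It assumes WP-CLI is installed, that the plugin slug is `forminator`, and that GNU `sort -V` is available; the `APPLY` variable and the function names are chosen for this example.

```bash
#!/usr/bin/env bash
# Added example: report WordPress installs whose Forminator is older than
# the fixed release, and optionally update them with WP-CLI.
# Usage: ./check-forminator.sh /var/www/site1 /var/www/site2
#        APPLY=1 ./check-forminator.sh /var/www/site1   # also update

FIXED_VERSION="1.29.3"   # fixed release named in the advisory

# Return 0 when version $1 is strictly older than version $2.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# Map a reported plugin version (empty = plugin absent) to a status word.
classify_version() {
    if [ -z "$1" ]; then
        echo "not-installed"
    elif version_lt "$1" "$FIXED_VERSION"; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# Query one WordPress root and update it when APPLY=1 is set.
check_site() {
    local root="$1" ver status
    # Assumption: the plugin slug is "forminator".
    ver="$(wp plugin get forminator --field=version --path="$root" 2>/dev/null)" || ver=""
    status="$(classify_version "$ver")"
    echo "$root: forminator ${ver:-absent} -> $status"
    if [ "$status" = "vulnerable" ] && [ "${APPLY:-0}" = "1" ]; then
        wp plugin update forminator --path="$root"
    fi
}

# Sites are only touched when their paths are passed as arguments.
for root in "$@"; do
    check_site "$root"
done
```

Without `APPLY=1` the script only reports, so it can be run first to see which sites are still below 1.29.3.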

Additional Security Tips:

  • Minimise Plugin Use: Install only essential WordPress plugins to reduce your risk.
  • Regular Updates: Always update all plugins and WordPress itself to the latest versions.
  • Unused Plugins: Deactivate and delete any plugins that you no longer use.
