Oasis Ticket Sales Scams: How to Stay Safe
During our weekly meetings with the banking industry and Police Scotland, we continue to see a significant increase in ticket scams over the last three…
Critical Vulnerability in Popular WordPress Plugin Forminator
A recently discovered critical vulnerability in the widely-used WordPress plugin Forminator puts hundreds of thousands of websites at risk of cyber attack. Site owners using outdated versions of the plugin are being urged to update immediately to avoid potential compromise.
What is Forminator?
Forminator is a powerful WordPress plugin developed by WPMU DEV. It allows site owners to easily build a variety of forms, including contact forms, surveys, polls, quizzes, and even payment forms. The plugin is highly popular due to its user-friendliness and extensive features.
The Vulnerability
The critical vulnerability (CVE-2024-28890) allows unauthenticated attackers to upload malicious files to a website running a vulnerable version of Forminator. This could lead to serious consequences, including:
- Website Defacement: Attackers can change the appearance and content of the website.
- Malware Distribution: The uploaded files could contain malware, infecting visitors’ computers.
- Data Theft: Attackers may gain access to sensitive information stored on the website.
- Complete Website Takeover: In some cases, attackers could gain full control over the website.
How to Protect Yourself
The developers of Forminator have promptly released a security update (version 1.29.3) to address this vulnerability, along with two other less critical flaws. Website owners using Forminator must update the plugin as soon as possible. Here’s how:
- Log in to your WordPress Dashboard.
- Go to the “Plugins” section.
- Look for Forminator and click the “Update Now” button.
Additional Security Tips:
- Minimise Plugin Use: Install only essential WordPress plugins to reduce your risk.
- Regular Updates: Always update all plugins and WordPress itself to the latest versions.
- Unused Plugins: Deactivate and delete any plugins that you no longer use.
Related Links:
Related articles
Alert: Unpatched Microsoft Office Vulnerability Exposes NTLM Hashes
Microsoft has recently disclosed a significant security vulnerability affecting multiple versions of its Office suite, including Office 2016, Office 2019, Office LTSC 2021 and Microsoft…
Public Alert: Windows 11 End of Support – Action Required
Microsoft has issued an important reminder that multiple editions of Windows 11 will reach the end of their support lifecycle on 8 October 2024. This…