Home Latest Cyber Security News | Network Security Hacking Multiple Vulnerabilities Found In Forminator WordPress Plugin
Latest Cyber Security News | Network Security HackingNewsVulnerabilities

Multiple Vulnerabilities Found In Forminator WordPress Plugin

by Abeerah Hashim
written by Abeerah Hashim
Forminator WordPress plugin vulnerabilities could allow DoS attacks

WordPress admins using the Forminator plugin on their websites must rush to update their sites with the latest plugin release. That’s because numerous vulnerabilities existed in the Forminator plugin that could allow triggering site crashes and malicious file uploads on target websites.

One Out Of The Three Forminator Vulnerabilities Posed Severe Threat

According to a recent JPCERT/CC alert, at least three different vulnerabilities riddled the WordPress plugin Forminator. Exploiting these vulnerabilities could allow malicious file uploads, access to stored information, and site crashes.

Forminator is a dedicated form builder plugin for WordPress sites. It facilitates users’ creation of various forms for different web pages, including contact forms, payment forms, order forms, feedback widgets, and more. The plugin’s official page currently boasts over 500,000 active installations, indicating the sheer number of websites that could be at risk due to any vulnerabilities in the plugin.

Specifically, the following three vulnerabilities existed in the plugin.

  • CVE-2024-28890 (CVSS 9.8): A critical severity vulnerability that could allow unrestricted file uploads. An adversary could exploit the flaw to upload maliciously crafted files on the target server, access sensitive data, and even alter the plugin to trigger denial of service (DoS).
  • CVE-2024-31077 (CVSS 7.2): Another vulnerability that could allow DoS attacks. This SQL injection vulnerability could let an adversary access or modify the information in the target database.
  • CVE-2024-31857 (CVSS 6.1): A cross-site scripting (XSS) vulnerability that an attacker could exploit to modify the target web page’s content and access user information.

The advisory acknowledged the security researcher Hibiki Moriyama of STNet Inc. for reporting these vulnerabilities.

While CERT/CC didn’t mention anything about the active exploitation attempts for any of these vulnerabilities, the threat still persists. And, considering the serious threat these vulnerabilities pose, it’s crucial for all Forminator users to patch their sites with the latest plugin release (v.1.29.3) at the earliest.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

LayerX Security Raises $26M for its Browser Security...

Judge0 Vulnerabilities Could Allow Sandbox Escape

Google Meet Now Offers Client-Side Encryption For All...

Palo Alto Networks Patched A Pan-OS Vulnerability Under...

Apple Removed Numerous Apps From China App Store

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Leave a Comment

Save my name, email, and website in this browser for the next time I comment.