Another top WordPress plugin found to make account takeover possible - stay safe with these tips
- Experts find a way to trick Forminator into deleting a core WordPress file
- This could put the site into its setup state, where hackers can take over
- A patch is available and users are advised to apply it
A popular WordPress plugin active on hundreds of thousands of websites was found to have a high-severity vulnerability that could allow threat actors to fully take over compromised websites.
Forminator is a website builder plugin with which WordPress operators can add custom contact, feedback, quiz, survey, poll and payment forms. Everything is drag-and-drop and therefore user-friendly, and it plays well with many other plugins.
Recently, a security researcher with the alias ‘Phat Rio – Bluerock’ found that the plugin had insufficient validation and sanitization of form field input, as well as unsafe file deletion logic. This can be abused to insert a crafted file into any field, which would force Forminator (after a few steps) to delete a core WordPress file. As a result, the entire website enters the ‘setup’ phase, where the attacker can take over.
How to stay safe
“The removal of wp-config.php forces the site into a setup state, allowing an attacker to initiate a site takeover by connecting it to a database under their control,” noted experts at Wordfence, a WordPress security project.
The vulnerability is tracked as CVE-2025-6463 and has a severity score of 8.8/10 (high). All versions up to 1.44.2 are vulnerable. According to data from WordPress.org, more than 600,000 active websites use the plugin, making the attack surface quite large.
The first clean version is 1.44.3, and the plugin's vendor, WPMU DEV, urges all users to apply it as quickly as possible. BleepingComputer reports that since the patch was released, the plugin has been downloaded 200,000 times, “but it is unclear how many are currently vulnerable to exploitation”.
To reduce the risk of attacks, website administrators must upgrade their Forminator plugin to the latest version, or completely disable and remove the plugin. In general, WordPress is considered safe as a platform, with plugins and themes being the weakest link in the security chain.
That said, WordPress users are advised to keep only the plugins and themes they actually use and to ensure that these are regularly updated, while all others are deactivated and removed.
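The upgrade advice above can be checked on disk. The following is an added example, not code from the article or from the plugin's vendor: a Python audit that reads the Forminator version from its plugin header, flags installs older than 1.44.3, and flags a missing wp-config.php. The plugin path `wp-content/plugins/forminator/forminator.php` is an assumption (default plugin directory), and the sample sites are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

FIRST_FIXED = (1, 44, 3)  # first clean Forminator release per the article

def parse_version(text):
    """Turn '1.44.2' into (1, 44, 2); anything past three numbers is ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", text)[:3])

def plugin_version(plugin_file):
    """Read the 'Version:' field from a WordPress plugin header comment."""
    head = plugin_file.read_text(encoding="utf-8", errors="replace")[:8192]
    m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", head, re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None

def audit_site(wp_root):
    """Return a list of findings for one WordPress document root."""
    findings = []
    wp_root = Path(wp_root)
    # Assumption: the plugin lives in the default plugins directory.
    main = wp_root / "wp-content" / "plugins" / "forminator" / "forminator.php"
    if main.is_file():
        ver = plugin_version(main)
        if ver is None:
            findings.append("forminator: version header not found, check manually")
        elif parse_version(ver) < FIRST_FIXED:
            findings.append(f"forminator {ver} is vulnerable, upgrade to 1.44.3 or later")
    # WordPress also accepts wp-config.php one directory above its root.
    if not any((d / "wp-config.php").is_file() for d in (wp_root, wp_root.parent)):
        findings.append("wp-config.php missing: site may be in setup state")
    return findings

def make_sample_site(base, version, with_config):
    """Build a constructed directory tree for demonstration."""
    root = Path(base) / f"site-{version}-{with_config}" / "public"
    plugin = root / "wp-content" / "plugins" / "forminator"
    plugin.mkdir(parents=True)
    (plugin / "forminator.php").write_text(
        f"<?php\n/**\n * Plugin Name: Forminator\n * Version: {version}\n */\n")
    if with_config:
        (root / "wp-config.php").write_text("<?php // constructed sample\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for ver, cfg in (("1.44.2", True), ("1.44.3", True), ("1.44.2", False)):
            print(ver, cfg, audit_site(make_sample_site(tmp, ver, cfg)))
```

Point `audit_site` at each real document root; a missing wp-config.php on a site that was previously installed warrants immediate investigation rather than re-running setup.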