Report: Up to 400,000+ Websites Are Affected by the Forminator WordPress Plugin Vulnerability

Report: Up to 400,000+ Websites Are Affected by the Forminator WordPress Plugin Vulnerability

A major vulnerability affecting the Forminator WordPress Contact Form plugin up to and including version 1.24.6 was disclosed by the U.S. Government’s National Vulnerability Database (NVD).

According to the warning, malicious files can be uploaded to websites by unauthenticated attackers, which “may make remote code execution possible.”

On a scale of one to 10, with 10 being the most serious vulnerability level, the vulnerability score rating is 9.8, with 1 being the least vulnerable.

Potential For Unauthorised Attacks

In order to exploit many vulnerabilities, an attacker typically has to be a WordPress user or higher. For instance, although specific vulnerabilities are accessible to users with the subscriber user level. Others require the contributor or admin level to be exploited.

This vulnerability is especially concerning because it enables unauthenticated attackers. Those with no user level at all to successfully hijack the website.

The attacker can upload an arbitrary file, which refers to any kind of file, such as a malicious script. This is another reason why this vulnerability is rated 9.8 on a scale of 1 to 10 (critical).

Execution of Remote Code

An exploit that allows the attacker to remotely execute malicious code on the targeted website. From another computer is known as a remote code execution (RCE) vulnerability. An entire site takeover could cause more harm than this kind of hack.

Contact Forms Must Be Strictly Controlled

WordPress plugins that permit logged-in or anonymous users to upload anything. Including text or photos, must have a method to restrict what can be uploaded. Because they allow public feedback, contact forms need to be particularly secure.


WordPress Now Offers A Content Generator Powered By OpenAI, With Free Access.

WordPress has made a Free Course on Creating and Monetizing Membership Websites Available.

WordPress in Discussion Towards AI Integration.



Hello I'm Monisha Sajan. I'm a Technical Writer. I'm excited to learn and investigate tech-related topics! Additionally, I wanted to convey information to you that was both more easy to understand and instructive. If you wish to support my blogs and news articles, please consider sharing them! Thanks for reading! Happy learning!

Leave a Reply

Your email address will not be published. Required fields are marked *