Admin

WordPress Critical Vulnerabilities Allow Malicious Activity

Published: June 08, 2024 in our Security Fraud News & Alerts Newsletter.



Look out for Forminator, the popular WordPress plugin putting websites at risk. Japan’s CERT (Cybersecurity Emergency Response Teams) released the warning, saying multiple vulnerabilities exist in the plugin.


Among Forminator’s three critical flaws, one (CVE-2024-28890) allows remote attackers unlimited file uploads. This lets them upload malicious files to sites using the flawed plugin. It creates a situation ripe for unleashing DoS (Denial-of-Service) attacks against compromised websites. A DoS effectively shuts down the website, preventing legitimate traffic from reaching it.


Another Forminator flaw (CVE-2024-31077) permits an administrator to obtain and alter any information in the database and cause a DoS. The third and final flaw (CVE-2024-31857) allows remote attackers to steal sensitive information and allows website content to be altered.


Don’t Wait to Update


Of the 1.98 billion websites on the web, more than 835 million use WordPress, or about 42% of all websites. WordPress.org reports that the Forminator plugin has more than 500,000 active installations. They say that since the plugin update was released, about 180,000 sites have been updated. That leaves approximately 320,000 sites needing updates and still vulnerable to attack. If you’re one of them, it’s a great time to get on that update.


Japan’s CERT reports the flaws are actively being exploited. They recommend all WordPress users immediately update the Forminator plugin to version 1.29.3, which patches all three security flaws. WordPress sites already using Forminator version 1.29.3 don’t need to take any action.
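
One way to find which sites on a server still need the update, as an added example that is not from the newsletter or the plugin's authors: it walks a web root, reads the `Version:` header of each Forminator copy and compares it with 1.29.3. It assumes the plugin's main file is `forminator.php` inside `wp-content/plugins/forminator`; the directory tree in `demo()` is constructed sample data.

```python
import re
import tempfile
from pathlib import Path

PATCHED = (1, 29, 3)  # fixed Forminator release named in the article
# WordPress plugin metadata lives in a "Version:" line of the main file's header comment.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.I | re.M)


def parse_version(header_text):
    """Return the header version as a tuple of ints, or None if no header is found."""
    m = VERSION_RE.search(header_text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def audit(web_root, slug="forminator"):
    """Return [(relative plugin dir, status)] for every copy of the plugin under web_root."""
    root, results = Path(web_root), []
    for plugin_dir in sorted(root.glob(f"**/wp-content/plugins/{slug}")):
        main = plugin_dir / f"{slug}.php"  # assumption: main file is named after the slug
        version = None
        if main.is_file():
            # Only the start of the file is inspected, since the header sits at the top.
            version = parse_version(main.read_text(encoding="utf-8", errors="replace")[:8192])
        if version is None:
            status = "UNKNOWN"  # header missing or unreadable: inspect by hand
        elif version + (0,) * (3 - len(version)) < PATCHED:
            status = "VULNERABLE"
        else:
            status = "PATCHED"
        results.append((plugin_dir.relative_to(root).as_posix(), status))
    return results


def demo():
    """Build a constructed directory tree with three sites and audit it."""
    samples = {"site-a": "1.29.0", "site-b": "1.29.3", "site-c": None}  # constructed data
    with tempfile.TemporaryDirectory() as tmp:
        for site, ver in samples.items():
            d = Path(tmp, site, "wp-content", "plugins", "forminator")
            d.mkdir(parents=True)
            body = f"<?php\n/**\n * Plugin Name: Forminator\n * Version: {ver}\n */\n" if ver else "<?php\n"
            (d / "forminator.php").write_text(body, encoding="utf-8")
        return audit(tmp)


if __name__ == "__main__":
    for path, status in demo():
        print(f"{status:<10} {path}")
```

On a real host, call `audit()` with the directory that holds the sites; an `UNKNOWN` result means the header could not be read and the copy should be checked by hand.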

