Threat actors could leverage the flaw — which stems from inadequate value sanitization conducted by the Forminator plugin's function for saving form entry fields to the database — to remove specific arbitrary files on the server upon the removal of a form, according to WordPress security firm Defiant.
Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.
Enroll Now and Save 10%: Coupon Code MWNEWS10
Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.
Article Link: Widespread WordPress site takeover possible with plugin flaw | SC Media