Hundreds of thousands of WordPress sites are vulnerable due to a critical vulnerability in the popular Forminator plugin. This vulnerability, known as CVE-2024-28890, has an impact score of 9.8 on a scale of 10. This means that the issue is very serious and requires immediate action. The Forminator plugin, which is used to create web forms such as contact forms and polls, contains a flaw that allows attackers to upload and execute dangerous files on the web server. Although version 1.29.0 of the plugin fixes the problem, it appears that a large number of websites are still vulnerable because they use older versions.
What is Forminator?
Forminator is a WordPress plugin that allows you to easily create different types of forms, such as contact forms, quizzes and polls. This plugin is used by more than half a million websites due to its user-friendly interface and versatile functionalities.
How does the vulnerability work?
The vulnerability in Forminator allows attackers to upload dangerous files to the server and execute them. This can lead to complete control over the affected website, with all the associated risks such as data loss, phishing and malware distribution.
Impact of the vulnerability
The Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) has rated this vulnerability with a score of 9.8, indicating a critical vulnerability. Websites that have not been updated to version 1.29.0 or newer are at high risk.
Why are so many sites still vulnerable?
Although version 1.29.0 of the Forminator plugin fixes the vulnerability, figures show that around 45% of users are still using older versions. This is often due to outdated update procedures, inattention or lack of technical knowledge.
Steps to secure your site
- Update the plugin: Make sure you always use the latest version of Forminator.
- Check other plugins: Other plugins may also be vulnerable. Keep all your software up to date.
- Use security plugins: Install additional security plugins that monitor suspicious activity.
- Backup regularly: Make regular backups of your website to minimize data loss.
- Limit file uploads: Limit the type of files users can upload.
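As an added example (not from the original article), the following POSIX shell script uses WP-CLI to check the installed Forminator version against the fixed release 1.29.0 named above and to list every plugin with a pending update. It assumes WP-CLI (`wp`) is installed and the script is run from the WordPress root; the version-comparison logic is generic dotted-version handling and not Forminator-specific.

```shell
#!/bin/sh
# Added example, not part of the original article: assess a WordPress site
# for the Forminator issue described above (fixed in 1.29.0) and list any
# other plugins that still have updates pending. Assumes WP-CLI ("wp") is
# installed and that the script runs from the WordPress root directory.

FIXED_VERSION="1.29.0"   # first Forminator release that fixes CVE-2024-28890

# version_lt A B: return 0 if dotted version A is strictly lower than B.
# Compares numerically component by component, so 1.9.0 < 1.29.0 is handled
# correctly (a plain string comparison would get that wrong).
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ac="${a%%.*}"; bc="${b%%.*}"
        ac="${ac%%[!0-9]*}"; bc="${bc%%[!0-9]*}"   # drop suffixes like "-beta"
        [ -z "$ac" ] && ac=0                       # missing component counts as 0
        [ -z "$bc" ] && bc=0
        if [ "$ac" -lt "$bc" ]; then return 0; fi
        if [ "$ac" -gt "$bc" ]; then return 1; fi
        case "$a" in *.*) a="${a#*.}";; *) a="";; esac
        case "$b" in *.*) b="${b#*.}";; *) b="";; esac
    done
    return 1
}

# forminator_status VERSION: print "vulnerable" if VERSION predates the fix,
# otherwise "patched".
forminator_status() {
    if version_lt "$1" "$FIXED_VERSION"; then echo vulnerable; else echo patched; fi
}

# Live check, only when WP-CLI is present, so the functions above can also be
# sourced and exercised on a machine without a WordPress install.
if command -v wp >/dev/null 2>&1; then
    installed="$(wp plugin get forminator --field=version 2>/dev/null || true)"
    if [ -z "$installed" ]; then
        echo "Forminator is not installed."
    else
        echo "Forminator $installed: $(forminator_status "$installed")"
    fi
    echo "Plugins with updates available:"
    wp plugin list --update=available --fields=name,version,update_version
fi
```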
Additional security tips
In addition to updating the Forminator plugin, there are additional measures you can take to secure your WordPress site:
- Install a firewall: A firewall can help block malicious access attempts.
- Use strong passwords: Make sure all your accounts have strong, unique passwords.
- Restrict access rights: Only grant access to important parts of your site to trusted users.
- Monitor your site: Actively monitor your website for suspicious activity.
- Use SSL certificates: SSL certificates help secure data exchange between your site and its users.
Closing note
The vulnerability in the Forminator plugin is a serious issue that requires immediate attention. Make sure you keep your plugins up to date and take additional security measures to protect your website from attacks. By being proactive and regularly checking your security settings, you can significantly reduce risk. If you would like to know more about how to keep your website secure, consider consulting specialist services such as Flexamedia, which can help maintain and secure your WordPress site. For more information about website management and security, visit the WordPress maintenance page.
With these tips and measures you ensure that your WordPress site is better protected against vulnerabilities and attacks.