An Arbitrary File Upload vulnerability has been identified in the WordPress Forminator Plugin. This vulnerability allows an attacker to upload any type of file to the affected website, including malicious files that could be used to take control of the website.
This vulnerability was discovered and responsibly reported by Mehmet.
The flaw is in the forminator.php file: an attacker can upload any type of file to the website by specifying a specially crafted URL.
Severity:
The vulnerability has a CVSS 3.1 score of 9.8, which is rated critical. This means that the vulnerability is highly exploitable and could have a significant impact on the affected system.
Affected Versions:
The vulnerability affects WordPress websites that use the Forminator Plugin prior to version 1.25.0.
Impact:
An attacker who successfully exploits this vulnerability could:
- Upload malicious files, such as backdoors or viruses.
- Take control of the website.
- Disrupt the website’s operations.
Recommendation:
Users of the Forminator Plugin are strongly advised to update to version 1.25.0 or higher as soon as possible. This will fix the vulnerability and protect users from attacks.
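To find installs that still need the update, the following added example (not code from the plugin or from this advisory) walks a directory of WordPress sites, reads the Version header from forminator.php, and flags anything below 1.25.0. The install path wp-content/plugins/forminator and the function names are assumptions made for this example.

```python
import os
import re
import sys

FIXED = (1, 25, 0)  # first fixed release, per the advisory
# Assumption: the plugin is installed under the directory name "forminator".
PLUGIN_MAIN = os.path.join("wp-content", "plugins", "forminator", "forminator.php")
HEADER_RE = re.compile(rb"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", re.M | re.I)

def parse_version(text):
    """Turn '1.24.6' into (1, 24, 6); stops at the first non-numeric part."""
    parts = []
    for piece in text.split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)

def installed_version(main_file):
    """Return the Version header of the plugin's main file, or None."""
    try:
        with open(main_file, "rb") as fh:
            head = fh.read(8192)  # plugin headers sit at the top of the file
    except OSError:
        return None
    m = HEADER_RE.search(head)
    return m.group(1).decode("ascii") if m else None

def is_affected(version):
    """True when version is below 1.25.0, compared numerically (1.9 < 1.25)."""
    v = parse_version(version)
    width = max(len(v), len(FIXED))
    return v + (0,) * (width - len(v)) < FIXED + (0,) * (width - len(FIXED))

def audit(root):
    """Return {site_dir: (version, affected)} for each install under root."""
    results = {}
    for dirpath, _dirs, _files in os.walk(root):
        version = installed_version(os.path.join(dirpath, PLUGIN_MAIN))
        if version is not None:
            results[dirpath] = (version, is_affected(version))
    return results

if __name__ == "__main__":
    for site, (ver, bad) in sorted(audit(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(f"{site}: Forminator {ver} -> {'UPDATE REQUIRED' if bad else 'ok'}")
```

Run it with the directory that holds the site roots as its only argument.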