The Forminator WordPress plugin has a high-severity vulnerability (CVE-2025-6463) that allows unauthenticated file deletion, risking site takeover. Users should update to the patched version 1.44.3 to prevent potential exploitation. #Forminator #WordPressVulnerability
Keypoints
- The vulnerability affects all versions of the Forminator plugin before 1.44.3.
- Insufficient validation during file handling can allow attackers to delete critical files like wp-config.php.
- Deleting core files can force the site into a setup state, enabling attackers to hijack the website.
- The flaw was discovered by security researcher 'Phat RiO - BlueRock' and fixed by WPMU DEV.
- Site owners are advised to update or deactivate the plugin until a secure version is installed.