Forminator Fiasco: 400,000 WordPress Sites at Risk Due to Vulnerability!

A flaw in the Forminator WordPress plugin lets attackers delete crucial files and seize control of affected sites, putting over 400,000 websites at risk. The bug is an arbitrary file deletion vulnerability, which makes the plugin a prime target. Users should update to the latest version immediately to avoid potential chaos.

Hot Take:

When it comes to cybersecurity, Forminator just got schooled in the art of vulnerability! With more than 400,000 websites at risk, it’s time for WordPress users to update faster than you can say “CVE-2025-6463”. This is one form you definitely don’t want to fill out!

Key Points:

  • Forminator, a popular WordPress plugin, has a critical vulnerability affecting over 400,000 websites.
  • The vulnerability (CVE-2025-6463) allows attackers to delete arbitrary files due to insufficient file path validation.
  • Exploitation could lead to site takeover, especially if attackers delete crucial files like wp-config.php.
  • The flaw was patched in version 1.44.3, but many sites remain unprotected due to slow update adoption.
  • A researcher was awarded an $8,100 bug bounty for discovering the vulnerability.
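
One way to find installs still below the patched release named above, as an added example (not code from the original page or from the Forminator project). It assumes the plugin's standard WordPress header carries a `Plugin Name` containing "Forminator"; the plugins directory is passed as the first argument.

```python
import re
import sys
from pathlib import Path

PATCHED = (1, 44, 3)        # first fixed release, per the key points above
NAME_MATCH = "forminator"   # assumption: substring of the "Plugin Name" header; review every hit

# WordPress reads plugin metadata from a comment header in the plugin's main PHP file.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)


def parse_version(text):
    """'1.44.2' -> (1, 44, 2); a suffix such as '-beta' is ignored, short versions are zero-padded."""
    parts = [int(n) for n in re.findall(r"\d+", text.split("-")[0])]
    return tuple(parts + [0] * (3 - len(parts)))


def read_header(php_file):
    """Return the first 'plugin name' and 'version' header values found in the first 8 KiB."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    meta = {}
    for key, value in HEADER.findall(head):
        meta.setdefault(key.lower(), value)
    return meta


def audit(plugins_dir):
    """Yield (path, version, status) for every matching plugin copy under plugins_dir."""
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        meta = read_header(php)
        if NAME_MATCH not in meta.get("plugin name", "").lower():
            continue
        raw = meta.get("version")
        if raw is None:
            yield php, None, "UNKNOWN"
        else:
            status = "VULNERABLE" if parse_version(raw) < PATCHED else "patched"
            yield php, raw, status


if __name__ == "__main__":
    findings = list(audit(sys.argv[1]))
    for path, version, status in findings:
        print(f"{status:10} {version or '?':10} {path}")
    sys.exit(1 if any(s != "patched" for _, _, s in findings) else 0)
```

The non-zero exit status on any unpatched or unreadable copy lets the script gate a cron job or a fleet-wide inventory run.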
