{"id":2511,"date":"2024-05-09T03:52:52","date_gmt":"2024-05-09T03:52:52","guid":{"rendered":"https:\/\/certera.com\/blog\/?p=2511"},"modified":"2024-05-09T03:52:54","modified_gmt":"2024-05-09T03:52:54","slug":"a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites","status":"publish","type":"post","link":"https:\/\/certera.com\/blog\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\/","title":{"rendered":"A Severe Vulnerability in the Forminator Plugin Affects over 300,000 WordPress Sites"},"content":{"rendered":"\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\"><strong>According to a recent cybersecurity finding, more than 50,000 websites that use the popular WordPress plugin Forminator are vulnerable to severe security vulnerabilities<\/strong>.<\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\">Website administrators who use the Forminator plugin on WordPress must\u00a0update their sites as soon as possible with the most recent version of the plugin. This is because of many\u00a0flaws in the Forminator plugin that might have caused malicious file uploads and site crashes on the intended websites.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Recommended:<\/strong> <a href=\"https:\/\/certera.com\/blog\/wordpress-google-fonts-plugin-vulnerability-impacts-up-to-300000-sites\/\">WordPress Google Fonts Plugin Vulnerability: Impacts Up to +300,000 Sites<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>The vulnerability notes portal (JVN) of Japan&#8217;s CERT released an alert on Thursday<\/strong>, notifying of the occurrence of a significant severity flaw (CVE-2024-28890, CVSS v3: 9.8) in Forminator, which might enable a remote attacker to upload malware to websites that use the plugin.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Attackers could carry out various malicious activities with the help of these vulnerabilities, such as stealing confidential information or taking total control of compromised websites.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-is-the-forninator-plugin\">What is the Forninator Plugin?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">A popular WordPress plugin, Forminator, generates and manages several forms on websites, such as surveys, quizzes, and contact forms.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Furthermore, the plugin integrates with several other services, including AWeber, Google Sheets, Zapier, Trello, MailChimp, and Zapier. This indicates that you can use Forminator to collect&nbsp;emails, data, and nearly any other information.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Website administrators prefer it because of its easy-to-use drag-and-drop interface and compatibility features with CRMs and email marketing platforms.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">&nbsp;However, because of its widespread popularity, fraudsters also find it an attractive target.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-technical-specifics-of-the-vulnerabilities\">Technical Specifics of the Vulnerabilities<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Three&nbsp;distinct vulnerabilities affected the WordPress plugin Forminator, according to a recent JPCERT\/CC warning. Malicious file uploads, access to stored data, and website crashes might all result from abusing these vulnerabilities.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-cve-2024-28890-cvss-9-8-unlimited-file-upload\">CVE-2024-28890 (CVSS 9.8): Unlimited File Upload\u00a0<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">&nbsp;A vulnerability of significant severity that could allow unlimited file uploads. Using the vulnerability, a hacker might get access to private information, upload malicious files to the intended server, and even change the plugin to cause a denial of service (DoS). This could result in the website being taken over and unauthorized code execution.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">&nbsp;This vulnerability&#8217;s critical severity is indicated by its 9.8 CVSS score.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-cve-2024-31077-cvss-7-2-sql-injection\">CVE-2024-31077 (CVSS 7.2):\u00a0SQL Injection\u00a0<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Attackers with administrator rights can use this vulnerability to run any SQL query in the website&#8217;s database.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Another vulnerability where DoS attacks might be possible is the target database&#8217;s information, which an attacker could access or modify because of this\u00a0SQL injection vulnerability.\u00a0<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The CVSS score for this vulnerability is 7.2.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-cve-2024-31857-cvss-6-1-cross-site-scripting-xss\">CVE-2024-31857 (CVSS 6.1):\u00a0Cross-Site Scripting (XSS)<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">&nbsp;A cross-site scripting (XSS) vulnerability that a hacker could use to change the content of the target website and get user data.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Using this vulnerability, attackers can insert malicious HTML or script code into user-viewed sites.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This could result in stealing session tokens, cookies, or other private data the user&#8217;s browser manages.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The CVSS score for the XSS flaw&nbsp;is 6.1.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-remediation-approaches\">Remediation Approaches\u00a0<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">It is recommended that site administrators who use the Forminator plugin update it as soon as possible to version 1.29.3, which fixes all three vulnerabilities.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Roughly 180,000 site administrators have downloaded the plugin since the security update was released on April 8, 2024, according to statistics provided by WordPress.org<\/em><strong>. <\/strong>Even if every download was for the most recent version, 320,000 websites are still open to intrusions.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>The following steps should be taken right now by website administrators who use the Forminator plugin to mitigate these risks:<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-constant-monitor-and-review\">Constant Monitor\u00a0and Review:\u00a0<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Audit and monitor the website often for any unauthorized modifications or unusual activity. Use various security methods, tools,\u00a0preventive measures,\u00a0and plugins to improve monitoring approaches.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-delete-unused-plugins\">Delete Unused Plugins:\u00a0<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Always delete and deactivate any plugins you won&#8217;t use.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-update-the-plugin\">Update the Plugin:\u00a0<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Make sure that Forminator is updated to the most recent version as soon as possible.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-alert-the-customers\">Alert the Customers:\u00a0<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Make sure users know the\u00a0potential risks of phishing and the different malicious\u00a0approaches that could be used to exploit these vulnerabilities.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Recommended:<\/strong> <a href=\"https:\/\/certera.com\/blog\/most-common-wordpress-security-issues-solutions\/\">Most Common WordPress Security Issues &amp; Solutions<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-conclusion\">Conclusion<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">WordPress security should be given top priority on any website; having professional guidance at your fingertips could potentially make all the difference. <\/p>\n\n\n\n<p class=\"quote-section wp-block-paragraph\"><a href=\"https:\/\/certera.com\/services\/wordpress-support-services\">Experienced WordPress support services<\/a> can help you identify any setup vulnerabilities and ensure that everything is secure to protect your information. Our comprehensive strategy for security includes every aspect, from keeping an eye on website\u00a0activity to identifying malicious\u00a0code and countering brute force attacks.\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>According to a recent cybersecurity finding, more than 50,000 websites that use the popular WordPress plugin Forminator are vulnerable to severe security vulnerabilities. Website administrators who use the Forminator plugin on WordPress must\u00a0update their sites as soon as possible with the most recent version of the plugin. This is because of many\u00a0flaws in the Forminator<span class=\"morelink d-block mt-3\"><a href=\"https:\/\/certera.com\/blog\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\/\">Read More<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":2512,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32,20],"tags":[508,427],"class_list":["post-2511","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vulnerability","category-wordpress-support-service","tag-forminator-plugin-vulnerability","tag-wordpress-vulnerabilities","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.6 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>A Severe Vulnerability in Forminator Plugin affects 300+ WordPress Sites<\/title>\n<meta name=\"description\" content=\"A critical vulnerability in the Forminator plugin, affecting over 500,000 WordPress sites, has been disclosed by Japan&#039;s CERT.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/certera.com\/blog\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A Severe Vulnerability in the Forminator Plugin Affects over 300,000 WordPress Sites\" \/>\n<meta property=\"og:description\" content=\"A critical vulnerability in the Forminator plugin, affecting over 500,000 WordPress sites, has been disclosed by Japan&#039;s CERT.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/certera.com\/blog\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\/\" \/>\n<meta property=\"og:site_name\" content=\"EncryptedFence by Certera - Web &amp; Cyber Security Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/certeraLLC\/\" \/>\n<meta property=\"article:published_time\" content=\"2024-05-09T03:52:52+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-09T03:52:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/certera.com\/blog\/wp-content\/uploads\/2024\/05\/forminator-plugin-vulnerabilities.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"960\" \/>\n\t<meta property=\"og:image:height\" content=\"620\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Janki Mehta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@certera_llc\" \/>\n<meta name=\"twitter:site\" content=\"@certera_llc\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Janki Mehta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\\\/\"},\"author\":{\"name\":\"Janki Mehta\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/person\\\/e5a476aa90d9e02260ebfe4b0bf046b7\"},\"headline\":\"A Severe Vulnerability in the Forminator Plugin Affects over 300,000 WordPress Sites\",\"datePublished\":\"2024-05-09T03:52:52+00:00\",\"dateModified\":\"2024-05-09T03:52:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\\\/\"},\"wordCount\":740,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/05\\\/forminator-plugin-vulnerabilities.jpg\",\"keywords\":[\"Forminator Plugin Vulnerability\",\"WordPress Vulnerabilities\"],\"articleSection\":[\"Vulnerability\",\"WordPress Support Service\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/certera.com\\\/blog\\\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\\\/#respond\"]}],\"copyrightYear\":\"2024\",\"copyrightHolder\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\\\/\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\\\/\",\"name\":\"A Severe Vulnerability in Forminator Plugin affects 300+ WordPress Sites\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/05\\\/forminator-plugin-vulnerabilities.jpg\",\"datePublished\":\"2024-05-09T03:52:52+00:00\",\"dateModified\":\"2024-05-09T03:52:54+00:00\",\"description\":\"A critical vulnerability in the Forminator plugin, affecting over 500,000 WordPress sites, has been disclosed by Japan's CERT.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/certera.com\\\/blog\\\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\\\/#primaryimage\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/05\\\/forminator-plugin-vulnerabilities.jpg\",\"contentUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/05\\\/forminator-plugin-vulnerabilities.jpg\",\"width\":960,\"height\":620,\"caption\":\"Forminator Plugin Vulnerabilities\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/certera.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A Severe Vulnerability in the Forminator Plugin Affects over 300,000 WordPress Sites\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/\",\"name\":\"EncryptedFence by Certera - Web & Cyber Security Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"},\"alternateName\":\"Certera's EncryptedFence Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/certera.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\",\"name\":\"Certera\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-encryptedfence.svg\",\"contentUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-encryptedfence.svg\",\"caption\":\"Certera\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/certeraLLC\\\/\",\"https:\\\/\\\/x.com\\\/certera_llc\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/certera-llc\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/person\\\/e5a476aa90d9e02260ebfe4b0bf046b7\",\"name\":\"Janki Mehta\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"caption\":\"Janki Mehta\"},\"description\":\"Janki Mehta is a passionate Cyber-Security Enthusiast who keenly monitors the latest developments in the Web\\\/Cyber Security industry. She puts her knowledge into practice and helps web users by arming them with the necessary security measures to stay safe in the digital world.\",\"sameAs\":[\"https:\\\/\\\/certerassl.com\\\/\"],\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/author\\\/certerabguser\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"A Severe Vulnerability in Forminator Plugin affects 300+ WordPress Sites","description":"A critical vulnerability in the Forminator plugin, affecting over 500,000 WordPress sites, has been disclosed by Japan's CERT.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/certera.com\/blog\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\/","og_locale":"en_US","og_type":"article","og_title":"A Severe Vulnerability in the Forminator Plugin Affects over 300,000 WordPress Sites","og_description":"A critical vulnerability in the Forminator plugin, affecting over 500,000 WordPress sites, has been disclosed by Japan's CERT.","og_url":"https:\/\/certera.com\/blog\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\/","og_site_name":"EncryptedFence by Certera - Web &amp; Cyber Security Blog","article_publisher":"https:\/\/www.facebook.com\/certeraLLC\/","article_published_time":"2024-05-09T03:52:52+00:00","article_modified_time":"2024-05-09T03:52:54+00:00","og_image":[{"width":960,"height":620,"url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2024\/05\/forminator-plugin-vulnerabilities.jpg","type":"image\/jpeg"}],"author":"Janki Mehta","twitter_card":"summary_large_image","twitter_creator":"@certera_llc","twitter_site":"@certera_llc","twitter_misc":{"Written by":"Janki Mehta","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/certera.com\/blog\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\/#article","isPartOf":{"@id":"https:\/\/certera.com\/blog\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\/"},"author":{"name":"Janki Mehta","@id":"https:\/\/certera.com\/blog\/#\/schema\/person\/e5a476aa90d9e02260ebfe4b0bf046b7"},"headline":"A Severe Vulnerability in the Forminator Plugin Affects over 300,000 WordPress Sites","datePublished":"2024-05-09T03:52:52+00:00","dateModified":"2024-05-09T03:52:54+00:00","mainEntityOfPage":{"@id":"https:\/\/certera.com\/blog\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\/"},"wordCount":740,"commentCount":0,"publisher":{"@id":"https:\/\/certera.com\/blog\/#organization"},"image":{"@id":"https:\/\/certera.com\/blog\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\/#primaryimage"},"thumbnailUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2024\/05\/forminator-plugin-vulnerabilities.jpg","keywords":["Forminator Plugin Vulnerability","WordPress Vulnerabilities"],"articleSection":["Vulnerability","WordPress Support Service"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/certera.com\/blog\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\/#respond"]}],"copyrightYear":"2024","copyrightHolder":{"@id":"https:\/\/certera.com\/blog\/#organization"}},{"@type":"WebPage","@id":"https:\/\/certera.com\/blog\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\/","url":"https:\/\/certera.com\/blog\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\/","name":"A Severe Vulnerability in Forminator Plugin affects 300+ WordPress Sites","isPartOf":{"@id":"https:\/\/certera.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/certera.com\/blog\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\/#primaryimage"},"image":{"@id":"https:\/\/certera.com\/blog\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\/#primaryimage"},"thumbnailUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2024\/05\/forminator-plugin-vulnerabilities.jpg","datePublished":"2024-05-09T03:52:52+00:00","dateModified":"2024-05-09T03:52:54+00:00","description":"A critical vulnerability in the Forminator plugin, affecting over 500,000 WordPress sites, has been disclosed by Japan's CERT.","breadcrumb":{"@id":"https:\/\/certera.com\/blog\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/certera.com\/blog\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/certera.com\/blog\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\/#primaryimage","url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2024\/05\/forminator-plugin-vulnerabilities.jpg","contentUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2024\/05\/forminator-plugin-vulnerabilities.jpg","width":960,"height":620,"caption":"Forminator Plugin Vulnerabilities"},{"@type":"BreadcrumbList","@id":"https:\/\/certera.com\/blog\/a-severe-vulnerability-in-the-forminator-plugin-affects-over-300000-wordpress-sites\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/certera.com\/blog\/"},{"@type":"ListItem","position":2,"name":"A Severe Vulnerability in the Forminator Plugin Affects over 300,000 WordPress Sites"}]},{"@type":"WebSite","@id":"https:\/\/certera.com\/blog\/#website","url":"https:\/\/certera.com\/blog\/","name":"EncryptedFence by Certera - Web & Cyber Security Blog","description":"","publisher":{"@id":"https:\/\/certera.com\/blog\/#organization"},"alternateName":"Certera's EncryptedFence Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/certera.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/certera.com\/blog\/#organization","name":"Certera","url":"https:\/\/certera.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/certera.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/08\/logo-encryptedfence.svg","contentUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/08\/logo-encryptedfence.svg","caption":"Certera"},"image":{"@id":"https:\/\/certera.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/certeraLLC\/","https:\/\/x.com\/certera_llc","https:\/\/www.linkedin.com\/company\/certera-llc\/"]},{"@type":"Person","@id":"https:\/\/certera.com\/blog\/#\/schema\/person\/e5a476aa90d9e02260ebfe4b0bf046b7","name":"Janki Mehta","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","caption":"Janki Mehta"},"description":"Janki Mehta is a passionate Cyber-Security Enthusiast who keenly monitors the latest developments in the Web\/Cyber Security industry. She puts her knowledge into practice and helps web users by arming them with the necessary security measures to stay safe in the digital world.","sameAs":["https:\/\/certerassl.com\/"],"url":"https:\/\/certera.com\/blog\/author\/certerabguser\/"}]}},"_links":{"self":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/2511","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/comments?post=2511"}],"version-history":[{"count":2,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/2511\/revisions"}],"predecessor-version":[{"id":2514,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/2511\/revisions\/2514"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/media\/2512"}],"wp:attachment":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/media?parent=2511"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/categories?post=2511"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/tags?post=2511"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}