A critical security flaw could affect thousands of WordPress sites

Hundreds of thousands of WordPress websites are vulnerable to a critical flaw that allows threat actors to upload malware to the site via a bug in a plugin.

As reported by BleepingComputer, Japan’s CERT recently found a critical severity error (9.8) in the Forminator plugin built by WPMU DEV. The flaw, now tracked as CVE-2024-28890, allows threat actors to obtain sensitive information by accessing files on the server.