GitHub comments abused to push malware via Microsoft repo URLs

The Forminator WordPress plugin, used on over 500,000 sites, contains a critical flaw that allows unrestricted file uploads, putting sensitive information at risk and potentially causing denial-of-service conditions. Three vulnerabilities, including insufficient file validation, SQL injection, and cross-site scripting, affect various plugin versions. Site admins should update to version 1.29.3 immediately. Although a security update is available, 320,000 sites remain vulnerable. No active exploitation has been reported, but the risk is substantial. To reduce exposure, minimize plugin usage, apply updates promptly, and deactivate unnecessary plugins. Similar incidents include flaws in the LayerSlider and Bricks WordPress plugins, which underline the ongoing importance of cybersecurity vigilance.
