GitHub comments abused to push malware via Microsoft repo URLs
The Forminator WordPress plugin, utilized in over 500,000 sites, contains a critical flaw enabling unrestricted file uploads, putting sensitive information at risk and potentially causing denial-of-service conditions. Three vulnerabilities, including insufficient file validation, SQL injection, and cross-site scripting, affect various plugin versions. Site admins should update to version 1.29.3 immediately. Despite a security update, 320,000…