PT-2024-3040 · WordPress · Forminator

Published: 2024-04-18 · Updated: 2025-07-28

CVE-2024-28890

CVSS v2.0

10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Forminator versions prior to 1.29.0

Description

The issue is related to an unrestricted upload of files with dangerous types in the Forminator plugin for WordPress. This could allow a remote attacker to upload arbitrary files to the server, potentially leading to sensitive information disclosure, site alteration, and denial-of-service (DoS) conditions.

Recommendations

For versions prior to 1.29.0, update to version 1.29.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the file upload functionality in the Forminator plugin until the update is applied.

Fix

DoS

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2024-03224
CVE-2024-28890

Affected Products

Forminator