CVE-2024-28890: Unauthenticated Arbitrary File Upload in Forminator Exposed 500,000+ WordPress Sites (CVSS 9.8)
CVE-2024-28890 is a critical (CVSS 9.8) unauthenticated arbitrary file upload vulnerability in the Forminator form builder plugin, installed on 500,000+ WordPress sites. Attackers could upload PHP web shells and fully take over vulnerable sites. Here…
Read Article