<ul data-eligibleForWebStory="false"><li>A high-severity vulnerability was discovered in the Forminator WordPress plugin, potentially allowing hackers to take over compromised websites.</li><li>The vulnerability involved insufficient validation of form field input and an unsafe file deletion logic that could force Forminator to delete a core WordPress file, leading to a complete site takeover.</li><li>The issue is tracked as CVE-2025-6463 with a severity score of 8.8/10 and affects all versions up to 1.44.2. A patch (version 1.44.3) is available and users are advised to update immediately to mitigate the risk.</li><li>Experts recommend upgrading Forminator plugin to the latest version or disabling/deleting it to stay safe. With over 600,000 active websites using the plugin, applying the patch is crucial to avoid exploitation.</li></ul>

Another top WordPress plugin hacked to allow account takeover - stay safe with these tips

Discover more