Tag: Site Takeover
-
Critical WordPress Flaw CVE-2025-5947 (CVSS 9.8) Under Active Exploitation for Admin Takeover
A critical vulnerability has been discovered in the popular WordPress theme Service Finder, allowing attackers to gain unauthorized access to any account on affected websites — including administrative ones. The issue stems from the integrated Service Finder Bookings plugin, used for managing reservations and bundled directly with the theme. At its core, the flaw enables…
-
Forminator WordPress Plugin Flaw (CVE-2025-6463, CVSS 8.8): Unauthenticated Arbitrary File Deletion Leads to Site Takeover
A critical vulnerability has been discovered in the popular WordPress plugin Forminator, enabling unauthenticated attackers to arbitrarily delete files from a website. This flaw poses a significant threat, potentially allowing full compromise of targeted resources. Identified as CVE-2025-6463, it carries a CVSS severity score of 8.8 and is classified as critical. Forminator Forms, developed by…