Threat actors could leverage the flaw — which stems from inadequate value sanitization conducted by the Forminator plugin’s function for saving form entry fields to the database — to remove specific arbitrary files on the server upon the removal of a form, according to WordPress security firm Defiant.
