Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may obtain sensitive information by accessing files on the server, alter the site that uses the plugin, and cause a denial-of-service (DoS) condition.
https://securityaffairs.com/162113/security/forminator-wordpress-plugin-flaws.html?web_view=true
https://securityaffairs.com/162113/security/forminator-wordpress-plugin-flaws.html