A vulnerability was found in Forminator Forms Plugin up to 1.44.2 on WordPress. It has been declared as critical. This vulnerability affects the function entry_delete_upload_files of the component PHAR File Parser. The manipulation leads to deserialization.

This vulnerability was named CVE-2025-6464. The attack can be initiated remotely. There is no exploit available.