A critical vulnerability in the Forminator plugin for WordPress, tracked as CVE-2025-6463, allows unauthenticated arbitrary file deletion, which could lead to full site takeover. The issue affects all versions up to 1.44.2 and is due to insufficient input validation, enabling attackers to delete essential files like wp-config.php. Users are urged to update to version 1.44.3 to mitigate the risk.