From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Name: Forminator Forms - Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Missing Authorization to Authenticated (Contributor+) Form Update and Creation 2. Vulnerability Description: - Describes an unauthorized access vulnerability in the Forminator Forms plugin for WordPress, caused by the lack of permission checks in all versions (including 1.35.1). - Specifically, attackers with Contributor-level access, or permissions granted by an administrator, can create or edit existing forms, including updating the default registration role to Administrator on user registration forms. 3. Vulnerability Rating: - CVSS Score: 3.1 - CVSS Score: 7.5 (High) 4. Public Release Date: October 25, 2024 5. Last Updated Date: October 26, 2024 6. Researcher: wesley (wcrafl) 7. Fix Status: Fixed 8. Affected Versions: <= 1.35.1 - Fixed Version: 1.36.0 9. Reference Link: plugins.trac.wordpress.org 10. Exploitation: - Describes how attackers can exploit this vulnerability to create or edit forms, including updating the default registration role to Administrator on user registration forms. 11. Remediation Recommendation: - Recommend updating to version 1.36.0 or higher of the plugin. 12. Copyright and Licensing Information: - Copyright and licensing information is provided by Defiant Inc. and MITRE Corporation. 13. Vulnerability Database: - Wordfence Intelligence’s WordPress vulnerability database is free and accessible via API for querying. 14. Additional Information: - Provides information about Wordfence products, including free and paid versions, documentation, learning center, support, etc. This information helps users understand the details of the vulnerability, as well as how to remediate and avoid potential security risks.