From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Plugin Name: Post From Frontend <= 1.0.0 2. Vulnerability Type: Post Deletion via CSRF 3. Description: The plugin lacks CSRF protection when deleting posts, allowing attackers to perform CSRF attacks that force logged-in administrators to execute the deletion. 4. Proof of Concept: By adding specific shortcodes and links, the post deletion action can be triggered. 5. Affected Plugin: post-from-frontend 6. CVE ID: CVE-2024-9689 7. Classification: - Type: CSRF - OWASP Top 10: A2: Broken Authentication and Session Management - CWE ID: CWE-352 - CVSS Score: 4.3 (Medium) 8. Original Researcher: Bob Matyas 9. Submitter: Bob Matyas 10. Submitter Website: https://www.bobmatyas.com 11. Submitter Twitter: bobmatyas 12. Verification Status: Verified 13. WPVDB ID: ea501d37-1ec2-43ec-873a-ec204e965f60 14. Publication Date: 2024-10-15 15. Added Date: 2024-10-15 16. Updated Date: 2024-10-15 17. Related Vulnerabilities: - Brands for WooCommerce < 3.8.2.3 - Cross-Site Request Forgery - Cool Video Gallery 1.8 - admin/gallery-sort.php Gallery Sort Order Manipulation CSRF - WPQA < 6.1.1 - Arbitrary Category and Tag Follow/Unfollow via CSRF - PageLines Platform Theme <= 1.1.4 - Cross-Site Request Forgery (CSRF) - AnyComment < 0.2.18 - Arbitrary HyperComments Import/Revert via CSRF This information helps understand the vulnerability’s details, scope of impact, and how it can be exploited.