From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Name: Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor - Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Upload 2. Vulnerability Description: - Describes an unauthenticated arbitrary media upload vulnerability in the Funnelforms Free plugin for WordPress. - Due to the lack of authorization checks for the function in the file, the vulnerability exists in all versions, including 3.7.3.2. - Unauthenticated attackers can upload arbitrary media to the website, even without any form being present. 3. Vulnerability Rating: - CVSS Score: 3.1 - CVSS Rating Level: Medium (Medium) 4. Disclosure Date: August 27, 2024 - Last Updated: August 28, 2024 5. Researcher: Lucio Sá 6. Fix Status: - Fixed: Yes - Fixed Version: 3.7.4.1 7. Affected Versions: <= 3.7.3.2 8. Reference Links: - plugins.trac.wordpress.org - plugins.trac.wordpress.org 9. Vulnerability Details: - Provides detailed information about the vulnerability, including software type, software alias, whether it is fixed, fixed version, affected versions, etc. 10. Copyright and Licensing Information: - Copyright: Defiant Inc. and MITRE Corporation - License: Defiant and MITRE each grant a perpetual, worldwide, non-exclusive, royalty-free, irrevocable copyright license for copying, creating derivative works, public display, public performance, distribution, etc. 11. Contact Information: - Provides an email address to contact Defiant Inc.: wfi-support@wordfence.com 12. Wordfence Intelligence: - Offers free API access to Wordfence Intelligence and free webhook integration to stay updated on the latest vulnerabilities. This information helps users understand the vulnerability details, how to fix it, and how to avoid potential security risks.