Name of the Vulnerable Software and Affected Versions:
Funnelforms Free plugin for WordPress versions up to and including 3.4
Description:
The issue allows authenticated attackers with subscriber-level permissions and above to modify data without proper authorization. This is due to a missing capability check on the `fnsf_delete_posts` function, enabling them to delete arbitrary posts, including those of administrators and posts unrelated to the Funnelforms Free plugin.
Recommendations:
For versions up to and including 3.4, consider disabling the `fnsf_delete_posts` function until a patch is available to prevent unauthorized post deletion. Restrict access to the Funnelforms Free plugin's functionality to minimize the risk of exploitation.
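
Added example (not code from the Funnelforms plugin or its vendor): a WordPress AJAX delete handler that includes the kind of capability check the description says is missing, plus the nonce and post-type scoping that keep it from touching unrelated posts. The handler name `example_delete_posts`, the nonce action, the `post_ids` parameter and the `example_form` post type are all hypothetical.

```php
<?php
// Hypothetical handler for illustration; every name below is an assumption,
// not taken from the Funnelforms Free code base.
add_action( 'wp_ajax_example_delete_posts', 'example_delete_posts' );

function example_delete_posts() {
    // 1. CSRF: reject requests that lack a valid nonce (dies with 403 on failure).
    check_ajax_referer( 'example_delete_posts', 'nonce' );

    // 2. Normalise input to a list of positive integer post IDs.
    $raw = isset( $_POST['post_ids'] ) ? (array) wp_unslash( $_POST['post_ids'] ) : array();
    $ids = array_unique( array_filter( array_map( 'absint', $raw ) ) );
    if ( empty( $ids ) ) {
        wp_send_json_error( array( 'message' => 'No post IDs supplied.' ), 400 );
    }

    // 3. Validate every ID before deleting anything, so a single
    //    unauthorized ID rejects the whole request.
    foreach ( $ids as $id ) {
        // Scope: only the plugin's own post type may be deleted here.
        if ( 'example_form' !== get_post_type( $id ) ) {
            wp_send_json_error( array( 'message' => 'Post out of scope.', 'id' => $id ), 403 );
        }
        // Authorization: per-post meta capability. A subscriber does not hold
        // delete_post on another user's or an administrator's post.
        if ( ! current_user_can( 'delete_post', $id ) ) {
            wp_send_json_error( array( 'message' => 'Not allowed.', 'id' => $id ), 403 );
        }
    }

    // 4. All checks passed: delete and report which IDs were removed.
    $deleted = array();
    foreach ( $ids as $id ) {
        if ( wp_delete_post( $id, true ) ) {
            $deleted[] = $id;
        }
    }
    wp_send_json_success( array( 'deleted' => $deleted ) );
}
```

Registering a callback on a `wp_ajax_` hook only guarantees that the caller is logged in, so any subscriber can reach it; the `current_user_can()` call is what separates an authenticated user from an authorized one.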