The Forminator Forms plugin for WordPress has a security flaw that allows unauthorized people to access it. This is because there is no check to make sure that the person trying to access it has the right permissions. This means that someone with Contributor-level access or higher, and with permission from an Administrator, can make new forms or change existing ones. They can even change the default role for new users to Administrator on the User Registration forms.