The WordPress plugin called “Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)” has a security flaw that could allow unauthorized users to upload media files. This is because the plugin does not have a check in place to verify the user’s permissions when using the “buddyforms_upload_handle_dropped_media” function. This vulnerability exists in all versions of the plugin up to and including 2.8.7.