Arbitrary Profile Picture Deletion via IDOR vulnerability discovered by Binit Ghimire in WordPress WPQA - Builder forms Addon plugin (versions < 5.2).
Update the WordPress WPQA - Builder forms Addon plugin to the latest available version (at least 5.2).