CVE-2026-14894 - Super Forms <= 6.3.313 - Unauthenticated Arbitrary File Upload via 'data' Parameter (datauristring / value)
CVE ID :CVE-2026-14894 Published : July 10, 2026, 4:17 a.m. | 14 minutes ago Description :The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 6.3.313 via the submit_form function. This is due to missing...