CRITICAL
Piotnet
CVE published 2026-05-19
CVE-2026-4883
CVE-2026-4883 describes a critical file upload flaw in the Piotnet Forms WordPress plugin. The issue affects versions up to and including 2.1.40 and can allow unauthenticated attackers to upload arbitrary files, which may lead to remote code execution if the uploaded content is executable on the server. The supplied record notes that exploitation requires a file field to be added to the form.