CRITICAL
tombgtn
CVE published 2026-07-08
CVE-2026-14487
The Simple Coherent Form plugin for WordPress has a critical vulnerability, CVE-2026-14487, allowing unauthenticated attackers to delete arbitrary files, potentially leading to remote code execution. This vulnerability exists due to insufficient file path validation in the removeUploadDir function in all versions up to, and including, 2.4.13. Users of the Simple Coherent Form plugin for WordPress should b [truncated]