PatchSiren

tombgtn CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL tombgtn CVE published 2026-07-08

CVE-2026-14487

The Simple Coherent Form plugin for WordPress has a critical vulnerability, CVE-2026-14487, allowing unauthenticated attackers to delete arbitrary files, potentially leading to remote code execution. This vulnerability exists due to insufficient file path validation in the removeUploadDir function in all versions up to, and including, 2.4.13. Users of the Simple Coherent Form plugin for WordPress should b [truncated]