PatchSiren

WebRehab CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL WebRehab CVE published 2026-07-10

CVE-2026-14894

The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload. This vulnerability exists in all versions up to, and including, 6.3.313 due to missing file type validation and the absence of any capability check on the submit_form nopriv AJAX handler. The only barrier to exploitation is a session nonce that can be freely obtained by unauthenticated visitors via a se [truncated]