A vulnerability identified as critical has been detected in Database for Contact Form 7, WPforms, Elementor forms Plugin up to 1.4.7 on WordPress. Affected is the function download_csv. The manipulation leads to deserialization.

This vulnerability is referenced as CVE-2026-2599. Remote exploitation of the attack is possible. No exploit is available.