A vulnerability marked as critical has been reported in WebRehab Super Forms Plugin up to 6.3.313. This issue affects the function
submit_form of the component AJAX Handler. The manipulation leads to unrestricted upload.
This vulnerability is documented as CVE-2026-14894. The attack can be initiated remotely. There is not any exploit available.