A vulnerability was found in tenteeglobal Instant Appointment Plugin up to 1.2 and classified as critical. Affected by this vulnerability is the function
insapp_upload_image_as_attachment of the component File Upload. The manipulation results in unrestricted upload.
This vulnerability was named CVE-2026-15282. The attack may be performed from remote. There is no available exploit.