A vulnerability was found in Contact Form 7 Plugin, WPforms Plugin and Elementor Forms Plugin up to 1.5.1 on WordPress. It has been declared as critical. This vulnerability affects unknown code of the component File Field. Executing a manipulation of the argument form-field can lead to deserialization.
This vulnerability appears as CVE-2026-12081. The attack may be performed from remote. There is no available exploit.