A vulnerability was found in Gravity Forms Plugin up to 2.10.4 on WordPress. It has been classified as problematic. The affected element is an unknown function. This manipulation of the argument gform_uploaded_files causes path traversal.
This vulnerability appears as CVE-2026-12997. The attack may be initiated remotely. There is no available exploit.