A vulnerability marked as critical has been reported in WebRehab Super Forms Plugin up to 6.3.313. This issue affects the function submit_form of the component AJAX Handler. The manipulation leads to unrestricted upload.

This vulnerability is documented as CVE-2026-14894. The attack can be initiated remotely. There is not any exploit available.