A vulnerability was found in tenteeglobal Instant Appointment Plugin up to 1.2 and classified as critical. Affected by this vulnerability is the function insapp_upload_image_as_attachment of the component File Upload. The manipulation results in unrestricted upload.

This vulnerability was named CVE-2026-15282. The attack may be performed from remote. There is no available exploit.