CVE-2026-9843: Arbitrary File Deletion Vulnerability in Database for Contact Form 7, WPforms, Elementor forms Plugin
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation. This allows unauthenticated attackers to delete arbitrary files, potentially leading to remote code execution. The vulnerability has a CVSS score of 8.1 and affects all versions up to 1.5.1. Immediate patching is recommended.