A vulnerability, which was classified as critical , was found in tidevapps Gerador de Certificados Plugin up to 1.3.6 on WordPress. The impacted element is the function moveUploadedFile . The manipulation results in unrestricted upload. This vulnerability is reported as CVE-2026-4808 . The attack can be launched remotely. No exploit exists.