A vulnerability classified as critical was found in Piotnet Addons for Elementor Pro Plugin up to 7.1.70 on WordPress. This issue affects the function pafe_ajax_form_builder . Executing a manipulation of the argument File can lead to unrestricted upload. This vulnerability appears as CVE-2026-4885 . The attack may be performed from remote. There is no available exploit.