A vulnerability was found in Rocketgenius Gravity Forms Plugin up to 2.10.0.1 on WordPress. It has been rated as critical . This affects an unknown function. The manipulation leads to path traversal. This vulnerability is documented as CVE-2026-48866 . The attack can be initiated remotely. There is not any exploit available.