A vulnerability was found in WPForms Plugin 1.9.1.6/1.9.2.3/1.10.0.1 on WordPress. It has been classified as critical . Impacted is an unknown function of the component Transaction Handler . This manipulation causes missing authorization. This vulnerability is handled as CVE-2026-4986 . The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.