A vulnerability marked as critical has been reported in MagicForm Plugin up to 0.1.3 on WordPress. This affects an unknown part of the component PHP File Handler . This manipulation causes unrestricted upload. This vulnerability is tracked as CVE-2026-9815 . The attack is possible to be carried out remotely. No exploit exists.