Product
Unauthenticated attackers can exploit a Directory Traversal vulnerability (CVE-2026-12997) in the Gravity Forms plugin for WordPress, affecting all versions up to and including 2.10.4, to read arbitrary files on the server and receive their contents as an email attachment, potentially exfiltrating sensitive information.