Product
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetforms_ajax_form_builder' function, allowing unauthenticated attackers to upload arbitrary files and potentially achieve remote code execution.