The Quform WordPress Form Builder plugin had a major security issue: versions up to 2.20.0 were vulnerable to Sensitive Information Exposure. The flaw was in the saveUploadedFile function, which allowed unauthenticated attackers to extract sensitive data, including Personally Identifiable Information, from files uploaded by users. Upgrading to 2.21.0 is not enough on its own: any forms created before the update remain at risk of exposure.
To fully fix the issue, site administrators should download and delete all previously existing files and forms before creating new ones. Applying the patch together with this cleanup ensures the plugin remains secure and prevents unauthorized access to private data. Always keep your WordPress Form Builder tools updated to the latest versions to protect sensitive user information.