Lucene search
K

700 matches found

NVD
NVD
added 2026/04/08 2:16 a.m.11 views

CVE-2026-3296

The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3 via deserialization of untrusted input from form entry metadata. This is due to the html-admin-page-entries-view.php file calling PHP's native unserialize on stored entry meta...

9.8CVSS0.00878EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/04/08 1:24 a.m.3 views

CVE-2026-3296 Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata

The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3 via deserialization of untrusted input from form entry metadata. This is due to the html-admin-page-entries-view.php file calling PHP's native unserialize on stored entry meta...

9.8CVSS5.9AI score0.00878EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/04/08 1:24 a.m.22 views

CVE-2026-3296 Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata

The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3 via deserialization of untrusted input from form entry metadata. This is due to the html-admin-page-entries-view.php file calling PHP's native unserialize on stored entry meta...

9.8CVSS0.00878EPSS
Exploits1References6
EUVD
EUVD
added 2026/04/08 1:24 a.m.6 views

EUVD-2026-20020

The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3 via deserialization of untrusted input from form entry metadata. This is due to the html-admin-page-entries-view.php file calling PHP's native unserialize on stored entry meta...

9.8CVSS5.9AI score0.00878EPSS
Exploits1References6
CVE
CVE
added 2026/04/08 1:24 a.m.49 views

CVE-2026-3296

The Everest Forms WordPress plugin ( 3.4.3 (e.g., 3.4.4 or later) to fix the issue. If upgrading is not immediate, disable or audit admin entry views to avoid triggering deserialization.

9.8CVSS5.9AI score0.00878EPSS
In wildExploits1References6
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.9 views

PT-2026-31067

Name of the Vulnerable Software and Affected Versions Everest Forms plugin for WordPress versions up to and including 3.4.3 Description The Everest Forms plugin for WordPress is susceptible to PHP Object Injection due to the unsafe deserialization of untrusted input from form entry metadata. The...

9.8CVSS5.8AI score0.00878EPSS
Exploits1References19
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.9 views

WordPress plugin Everest Forms 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

9.8CVSS5.9AI score0.00878EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/04/01 5:0 a.m.4 views

CVE-2026-3300

The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's processfilter function concatenating user-submitted form field values into a PHP code string without proper...

9.8CVSS6.3AI score0.40992EPSS
Exploits1References1
Patchstack
Patchstack
added 2026/03/31 6:57 a.m.6 views

WordPress Everest Forms Pro plugin <= 1.9.12 - Unauthenticated Remote Code Execution via Calculation Field vulnerability

Unauthenticated Remote Code Execution via Calculation Field vulnerability discovered by hoshino in WordPress Plugin Everest Forms Pro versions = 1.9.12...

9.8CVSS6AI score0.40992EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/03/31 3:31 a.m.5 views

EUVD-2026-17275

The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's processfilter function concatenating user-submitted form field values into a PHP code string without proper...

9.8CVSS6.3AI score0.40992EPSS
Exploits1References4
NVD
NVD
added 2026/03/31 2:15 a.m.43 views

CVE-2026-3300

The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's processfilter function concatenating user-submitted form field values into a PHP code string without proper...

9.8CVSS0.40992EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/31 1:24 a.m.33 views

CVE-2026-3300 Everest Forms Pro <= 1.9.12 - Unauthenticated Remote Code Execution via Calculation Field

The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's processfilter function concatenating user-submitted form field values into a PHP code string without proper...

9.8CVSS0.40992EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/31 1:24 a.m.4 views

CVE-2026-3300 Everest Forms Pro <= 1.9.12 - Unauthenticated Remote Code Execution via Calculation Field

The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's processfilter function concatenating user-submitted form field values into a PHP code string without proper...

9.8CVSS6.3AI score0.40992EPSS
Exploits1References3
CVE
CVE
added 2026/03/31 1:24 a.m.257 views

CVE-2026-3300

CVE-2026-3300 affects Everest Forms Pro for WordPress (versions

9.8CVSS6.3AI score0.40992EPSS
In wildExploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/31 1:24 a.m.5 views

CVE-2026-3300

The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's processfilter function concatenating user-submitted form field values into a PHP code string without proper...

9.8CVSS6.3AI score0.40992EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.7 views

PT-2026-29180

Name of the Vulnerable Software and Affected Versions Everest Forms Pro versions prior to 1.9.13 Description Unauthenticated attackers can achieve remote code execution via PHP code injection in the Everest Forms Pro plugin for WordPress. The issue exists within the Calculation Addon's process...

9.8CVSS6.9AI score0.40992EPSS
Exploits1References65
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.11 views

WordPress plugin Everest Forms Pro 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

9.8CVSS6.2AI score0.40992EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/27 5:9 p.m.4 views

CVE-2026-27815

EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118chargerImpl::handlesessionsetup copies a variable-length paymentoptions list into a fixed-size array of length 2 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can...

9.1CVSS5.9AI score0.00272EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 5:9 p.m.3 views

CVE-2026-33015

EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop StopTransaction, the EVSE can return to PrepareCharging via the EV's BCB toggle, allowing session restart. This breaks the irreversibility of remote stop and can bypass...

5.2CVSS5.9AI score0.00214EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/27 5:9 p.m.4 views

CVE-2026-27816

EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118chargerImpl::handleupdateenergytransfermodes copies a variable-length list into a fixed-size array of length 6 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can...

9.1CVSS5.9AI score0.00197EPSS
Exploits0References1
Rows per page
Query Builder