4 matches found
CVE-2025-1128
The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file type and path validation in the 'format' method of the EVFFormFieldsUpload class in all versions up...
CVE-2025-1128 Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion
The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file type and path validation in the 'format' method of the EVFFormFieldsUpload class in all versions up...
CVE-2025-1128
The CVE-2025-1128 entry concerns the Everest Forms plugin for WordPress. The vulnerability lies in the EVF_Form_Fields_Upload class, where missing file type and path validation in the format method affects all versions up to and including 3.0.9.4. This allows unauthenticated attackers to upload, ...
CVE-2025-1128
creationtimestamp| type| source ---|---|--- 2025-02-25 04:08:48+00:00| seen| https://bsky.app/profile/dinosn.bsky.social/post/3lixyigdwhk22 2025-02-25 05:22:27+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3liy4malhvv2y 2025-02-25 05:53:23+00:00| seen|...