Lucene search
+L

4 matches found

NVD
NVD
added 2025/02/25 7:15 a.m.35 views

CVE-2025-1128

The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file type and path validation in the 'format' method of the EVFFormFieldsUpload class in all versions up...

9.8CVSS0.25991EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/02/25 6:58 a.m.16 views

CVE-2025-1128 Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion

The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file type and path validation in the 'format' method of the EVFFormFieldsUpload class in all versions up...

9.8CVSS9.5AI score0.25991EPSS
Exploits0References5
CVE
CVE
added 2025/02/25 6:58 a.m.195 views

CVE-2025-1128

The CVE-2025-1128 entry concerns the Everest Forms plugin for WordPress. The vulnerability lies in the EVF_Form_Fields_Upload class, where missing file type and path validation in the format method affects all versions up to and including 3.0.9.4. This allows unauthenticated attackers to upload, ...

9.8CVSS7.1AI score0.25991EPSS
Exploits0References5Affected Software1
Circl
Circl
added 2025/02/25 4:8 a.m.29 views

CVE-2025-1128

creationtimestamp| type| source ---|---|--- 2025-02-25 04:08:48+00:00| seen| https://bsky.app/profile/dinosn.bsky.social/post/3lixyigdwhk22 2025-02-25 05:22:27+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3liy4malhvv2y 2025-02-25 05:53:23+00:00| seen|...

9.8CVSS7.1AI score0.25991EPSS
Exploits0References13
Rows per page
Query Builder