2 matches found
WordPress Everest Forms plugin <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability
Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin Everest Forms versions = 3.1.1...
CVE-2025-3422
The CVE-2025-3422 entry describes a vulnerability in the WordPress Everest Forms plugin (versions up to and including 3.1.1). The underlying issue is improper validation of a value before running do_shortcode, enabling arbitrary shortcode execution. This allows authenticated attackers with Subscr...