7 matches found
CVE-2025-3439
The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'fieldvalue' parameter. This makes it possible for...
WordPress Everest Forms plugin <= 3.1.1 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by kuaile in WordPress Plugin Everest Forms versions = 3.1.1...
CVE-2025-3439
creationtimestamp| type| source ---|---|--- 2025-04-11 15:37:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmkdyc6bpr2i 2025-04-11 15:48:41+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114320115017132840 2025-04-11 16:27:11+00:00| seen|...
CVE-2025-3439
The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'fieldvalue' parameter. This makes it possible for...
CVE-2025-3439
The CVE-2025-3439 entry describes a PHP Object Injection in Everest Forms for WordPress up to version 3.1.1, achieved via deserialization of untrusted input in the field_value parameter. Attackers can inject a PHP object, but impact depends on whether a POP (object payload) chain exists in anothe...
CVE-2025-3439 Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection
The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'fieldvalue' parameter. This makes it possible for...
CVE-2025-3439 Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection
The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'fieldvalue' parameter. This makes it possible for...