Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/04/13 1:42 p.m.33 views

CVE-2025-3439

The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'fieldvalue' parameter. This makes it possible for...

9.8CVSS7.5AI score0.01133EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/04/11 6:11 p.m.12 views

WordPress Everest Forms plugin <= 3.1.1 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by kuaile in WordPress Plugin Everest Forms versions = 3.1.1...

9.8CVSS9.1AI score0.01133EPSS
Exploits0References1Affected Software1
Circl
Circl
added 2025/04/11 3:37 p.m.23 views

CVE-2025-3439

creationtimestamp| type| source ---|---|--- 2025-04-11 15:37:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmkdyc6bpr2i 2025-04-11 15:48:41+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114320115017132840 2025-04-11 16:27:11+00:00| seen|...

9.8CVSS7.1AI score0.01133EPSS
Exploits0References5
NVD
NVD
added 2025/04/11 1:15 p.m.48 views

CVE-2025-3439

The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'fieldvalue' parameter. This makes it possible for...

9.8CVSS0.01133EPSS
Exploits0References3
CVE
CVE
added 2025/04/11 12:42 p.m.154 views

CVE-2025-3439

The CVE-2025-3439 entry describes a PHP Object Injection in Everest Forms for WordPress up to version 3.1.1, achieved via deserialization of untrusted input in the field_value parameter. Attackers can inject a PHP object, but impact depends on whether a POP (object payload) chain exists in anothe...

9.8CVSS9.7AI score0.01133EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/11 12:42 p.m.16 views

CVE-2025-3439 Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection

The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'fieldvalue' parameter. This makes it possible for...

9.8CVSS7.5AI score0.01133EPSS
Exploits0References3
OSV
OSV
added 2025/04/11 12:42 p.m.10 views

CVE-2025-3439 Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection

The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'fieldvalue' parameter. This makes it possible for...

9.8CVSS7.5AI score0.01133EPSS
Exploits0References5
Rows per page
Query Builder