CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Hacker News•added 3 days ago•10 views

Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites

Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise. The vulnerability in question is CVE-2026-3300 CVSS score: 9.8, a remote code execution...

9.8CVSS6.9AI score0.00327EPSS

Wordfence Blog•added 5 days ago•7 views

Attackers Actively Exploiting Critical Vulnerability in Everest Forms Pro Plugin

On March 30th, 2026, we publicly disclosed a critical Remote Code Execution vulnerability in Everest Forms Pro, a WordPress plugin with an estimated 4,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to execute arbitrary PHP code on the server, leading to...

9.8CVSS6.7AI score0.00327EPSS

VulnCheck KEV•added 5 days ago•5 views

VulnCheck KEV: CVE-2026-3300

The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's processfilter function concatenating user-submitted form field values into a PHP code string without proper...

9.8CVSS6.2AI score0.00327EPSS

In wildExploits1References3

EUVD•added 2026/05/28 12:30 a.m.•9 views

EUVD-2026-32678

NVD•added 2026/05/28 12:16 a.m.•10 views

Exploits0References3

CVE-2026-4888

4.3CVSS0.0001EPSS

CNNVD•added 2026/05/28 12:0 a.m.•6 views

WordPress plugin Everest Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

Cvelist•added 2026/05/27 11:26 p.m.•25 views

CVE-2026-4888 Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder <= 3.4.7 - Missing Authorization to Authenticated (Subscriber+) Email Sending

4.3CVSS0.0001EPSS

CVE•added 2026/05/27 11:26 p.m.•11 views

CVE-2026-4888

CVE-2026-4888 affects the Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder for WordPress. The vulnerability is due to a missing capability check in the send_test_email() function across all versions up to and including 3.4.7, allowing authenticated attackers with Sub...

ATTACKERKB•added 2026/05/27 11:26 p.m.•10 views

CVE-2026-4888

Vulnrichment•added 2026/05/27 11:26 p.m.•6 views

Exploits0References3

CVE-2026-4888 Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder <= 3.4.7 - Missing Authorization to Authenticated (Subscriber+) Email Sending

Patchstack•added 2026/05/27 10:58 a.m.•9 views

WordPress Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin <= 3.4.7 - Missing Authorization to Authenticated (Subscriber+) Email Sending vulnerability

Missing Authorization to Authenticated Subscriber+ Email Sending vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin Everest Forms versions = 3.4.7...

4.3CVSS5.8AI score0.0001EPSS

Exploits0References1Affected Software1

GithubExploit•added 2026/05/26 6:33 a.m.•65 views

Exploit for CVE-2026-3296

CVE-2026-3296 CVE-2026-3296 is a CVSS 9.8 Critical unauthentic...

9.8CVSS5.8AI score0.00037EPSS