Exploit for CVE-2026-3296

CVE-2026-3296 CVE-2026-3296 is a CVSS 9.8 Critical unauthentic...

VulnCheck KEV: CVE-2026-3296

The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3 via deserialization of untrusted input from form entry metadata. This is due to the html-admin-page-entries-view.php file calling PHP's native unserialize on stored entry meta...

CVE-2026-22422 WordPress Everest Forms plugin <= 3.4.1 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in wpeverest Everest Forms everest-forms allows Code Injection.This issue affects Everest Forms: from n/a through = 3.4.1...

CVE-2024-8542

The Everest Forms WordPress plugin before 3.0.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-8542

The Everest Forms WordPress plugin before 3.0.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-8542

The CVE-2024-8542 vulnerability affects the Everest Forms WordPress plugin prior to version 3.0.3.1. It arises because the plugin does not properly sanitize and escape certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in ...

WordPress plugin Everest Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2025-3421

The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'formid' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping...

CVE-2025-3422 Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

The The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. This is due to the software allowing users to execute an action that does not proper...

WordPress plugin Everest Forms 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

CVE-2024-13125

The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-13125

The Everest Forms WordPress plugin is vulnerable prior to version 3.0.8.1 due to insufficient sanitization/escaping of certain settings, enabling Stored XSS for high-privilege users such as admins (e.g., in multisite setups). Documented impact is Stored XSS with potential exposure of admin pages;...

PT-2025-6532 · WordPress · Everest Forms

Name of the Vulnerable Software and Affected Versions: Everest Forms WordPress plugin versions prior to 3.0.8.1 Description: The issue allows high privilege users, such as admin, to perform Stored Cross-Site Scripting attacks even when the unfiltered html capability is disallowed, for example in ...

WordPress Everest Forms plugin < 3.0.4.2 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Everest Forms versions 3.0.4.2...

WordPress Everest Forms Plugin < 3.0.4.2 is vulnerable to Cross Site Scripting (XSS)

Software Everest Forms Type Plugin Vulnerable versions 3.0.4.2 Fixed in 3.0.4.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10471 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 675cfcd37990 Credits Dmitrii Ignatyev Requir...

WordPress Everest Forms Plugin <= 2.0.3 is vulnerable to Broken Access Control

Software Everest Forms Type Plugin Vulnerable versions = 2.0.3 Fixed in 2.0.3.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-51377 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 8b5448fc86fc Credits Revan Arifio Required privile...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL.The WordPress everest-forms plugin has a cross-site scripting vulnerability in versions prior to 1.8.0. The...