Lucene search
K

10 matches found

Patchstack
Patchstack
added 2025/07/01 12:0 a.m.6 views

WordPress Everest Forms Plugin <= 3.2.2 is vulnerable to PHP Object Injection

Software Everest Forms Type Plugin Vulnerable versions = 3.2.2 Fixed in 3.2.3 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-52709 Patch priority High CVSS severity High 9.8 Developer Everest Forms PSID ed6f018dd59f Credits Phat RiO - BlueRock Required privilege...

9.8CVSS6.4AI score
Exploits0References1Affected Software1
NVD
NVD
added 2025/06/25 10:15 a.m.10 views

CVE-2025-5927

The Everest Forms Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteentryfiles function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server,...

7.5CVSS0.0058EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/05/19 2:58 a.m.8 views

WordPress Everest Forms plugin < 3.0.3.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Everest Forms versions 3.0.3.1...

4.8CVSS6AI score0.0032EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2025/04/11 1:15 p.m.18 views

CVE-2025-3422

The The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. This is due to the software allowing users to execute an action that does not proper...

6.3CVSS0.00251EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/11 12:42 p.m.37 views

CVE-2025-3439 Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection

The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'fieldvalue' parameter. This makes it possible for...

9.8CVSS0.01096EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/11 12:0 a.m.11 views

PT-2025-16114 · WordPress · Everest Forms

Name of the Vulnerable Software and Affected Versions: The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress versions up to, and including, 3.1.1 Description: The issue is related to Reflected Cross-Site Scripting via the form id parameter due to...

6.1CVSS6.5AI score0.00295EPSS
Exploits0References9
Cvelist
Cvelist
added 2025/02/25 6:58 a.m.36 views

CVE-2025-1128 Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion

The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file type and path validation in the 'format' method of the EVFFormFieldsUpload class in all versions up...

9.8CVSS0.25991EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/02/25 12:0 a.m.7 views

PT-2025-7814 · WordPress · Everest Forms

Name of the Vulnerable Software and Affected Versions: Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress versions 3.0.9.4 and earlier Description: The issue is related to arbitrary file upload, read, and deletion due to missing file type and path...

9.8CVSS9.5AI score0.25991EPSS
Exploits0References28
CNNVD
CNNVD
added 2025/02/13 12:0 a.m.6 views

WordPress plugin Everest Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

3.5CVSS7.7AI score0.00314EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.7 views

PT-2024-18328 · WordPress · Everest Forms

Name of the Vulnerable Software and Affected Versions: Everest Forms plugin for WordPress versions up to, and including, 2.0.7 Description: The issue allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application. This can be used to query and...

7.2CVSS9.3AI score0.00536EPSS
Exploits1References8
Rows per page
Query Builder