10 matches found
WordPress Everest Forms Plugin <= 3.2.2 is vulnerable to PHP Object Injection
Software Everest Forms Type Plugin Vulnerable versions = 3.2.2 Fixed in 3.2.3 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-52709 Patch priority High CVSS severity High 9.8 Developer Everest Forms PSID ed6f018dd59f Credits Phat RiO - BlueRock Required privilege...
CVE-2025-5927
The Everest Forms Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteentryfiles function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server,...
WordPress Everest Forms plugin < 3.0.3.1 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Everest Forms versions 3.0.3.1...
CVE-2025-3422
The The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. This is due to the software allowing users to execute an action that does not proper...
CVE-2025-3439 Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection
The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'fieldvalue' parameter. This makes it possible for...
PT-2025-16114 · WordPress · Everest Forms
Name of the Vulnerable Software and Affected Versions: The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress versions up to, and including, 3.1.1 Description: The issue is related to Reflected Cross-Site Scripting via the form id parameter due to...
CVE-2025-1128 Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion
The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file type and path validation in the 'format' method of the EVFFormFieldsUpload class in all versions up...
PT-2025-7814 · WordPress · Everest Forms
Name of the Vulnerable Software and Affected Versions: Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress versions 3.0.9.4 and earlier Description: The issue is related to arbitrary file upload, read, and deletion due to missing file type and path...
WordPress plugin Everest Forms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-18328 · WordPress · Everest Forms
Name of the Vulnerable Software and Affected Versions: Everest Forms plugin for WordPress versions up to, and including, 2.0.7 Description: The issue allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application. This can be used to query and...