8173 matches found
CVE-2025-3439
The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'fieldvalue' parameter. This makes it possible for...
CVE-2025-3439
The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'fieldvalue' parameter. This makes it possible for...
CVE-2025-3421
The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'formid' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping...
CVE-2025-3422
The The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. This is due to the software allowing users to execute an action that does not proper...
CVE-2025-3422
The CVE-2025-3422 entry describes a vulnerability in the WordPress Everest Forms plugin (versions up to and including 3.1.1). The underlying issue is improper validation of a value before running do_shortcode, enabling arbitrary shortcode execution. This allows authenticated attackers with Subscr...
CVE-2025-3422 Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
The The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. This is due to the software allowing users to execute an action that does not proper...
CVE-2025-3421 Everest Forms <= 3.1.1 - Reflected Cross-Site Scripting
The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'formid' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping...
CVE-2025-3422 Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
The The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. This is due to the software allowing users to execute an action that does not proper...
CVE-2025-3421 Everest Forms <= 3.1.1 - Reflected Cross-Site Scripting
The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'formid' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping...
CVE-2025-3439 Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection
The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'fieldvalue' parameter. This makes it possible for...
PT-2025-16115 · WordPress · Everest Forms
Name of the Vulnerable Software and Affected Versions: The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress versions up to 3.1.1 Description: The issue arises from the software's failure to properly validate a value before executing do shortcode, allowin...
Formie for Craft CMS 跨站脚本漏洞
Formie for Craft CMS is an open source form plugin for Craft CMS by Verbb. A cross-site scripting vulnerability exists in Formie for Craft CMS versions prior to 2.1.44 that stems from not properly escaping output when importing forms...
WordPress plugin Everest Forms 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...
WordPress plugin Everest Forms 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-16114 · WordPress · Everest Forms
Name of the Vulnerable Software and Affected Versions: The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress versions up to, and including, 3.1.1 Description: The issue is related to Reflected Cross-Site Scripting via the form id parameter due to...
PT-2025-16116 · WordPress · Everest Forms
Name of the Vulnerable Software and Affected Versions: Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress versions up to, and including, 3.1.1 Description: The vulnerability allows unauthenticated attackers to inject a PHP Object via deserialization of...
WordPress plugin Everest Forms 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...
GHSA-256Q-HX8W-XCQX Silverstripe Framework user enumeration via timing attack on login and password reset forms
Impact User enumeration is possible by performing a timing attack on the login or password reset pages with user credentials. This was originally disclosed in https://www.silverstripe.org/download/security-releases/ss-2017-005/ for CMS 3 but was not patched in CMS 4+ References -...
CVE-2025-32279
Missing Authorization vulnerability in Shahjada Live Forms liveforms.This issue affects Live Forms: from n/a through = 4.8.5...
CVE-2025-30151
Shopware is an open commerce platform. It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin...