CVE-2026-12270
The Everest Forms WordPress plugin (before 3.5.0) exposes several onboarding assistant REST API endpoints without proper access control. The vulnerability arises because the capability check is only enforced when a specific attacker-controlled request header is present, allowing an unauthenticate...