WordPress Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin <= 3.4.7 - Missing Authorization to Authenticated (Subscriber+) Email Sending vulnerability

Missing Authorization to Authenticated Subscriber+ Email Sending vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin Everest Forms versions = 3.4.7...

CVE-2026-22422 WordPress Everest Forms plugin <= 3.4.1 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in wpeverest Everest Forms everest-forms allows Code Injection.This issue affects Everest Forms: from n/a through = 3.4.1...

CVE-2025-60210

CVE-2025-60210 affects WordPress plugin Everest Forms - Frontend Listing (versions up to and including 1.0.5). The issue is a Deserialization of Untrusted Data leading to PHP Object Injection in everest-forms-frontend-listing. Descriptions across NVD/Red Hat/EUVD/CVE List indicate high-severity i...

WordPress Everest Forms plugin <= 3.4.1 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by Najib Sinjari in WordPress Plugin Everest Forms versions = 3.4.1...

CVE-2025-52709

...

WordPress Everest Forms plugin <= 3.1.1 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by kuaile in WordPress Plugin Everest Forms versions = 3.1.1...

WordPress Everest Forms Plugin < 3.0.8.1 - Authenticated (Admin+) XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.128103";...

WordPress Everest Forms plugin <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion vulnerability

Unauthenticated Arbitrary File Upload, Read, and Deletion vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Everest Forms versions = 3.0.9.4...

WordPress Everest Forms plugin < 3.0.8.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Everest Forms versions 3.0.8.1...

WordPress Everest Forms Plugin < 3.0.4.2 is vulnerable to Cross Site Scripting (XSS)

Software Everest Forms Type Plugin Vulnerable versions 3.0.4.2 Fixed in 3.0.4.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10471 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 675cfcd37990 Credits Dmitrii Ignatyev Requir...

PT-2024-18328 · WordPress · Everest Forms

Name of the Vulnerable Software and Affected Versions: Everest Forms plugin for WordPress versions up to, and including, 2.0.7 Description: The issue allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application. This can be used to query and...

WordPress Everest Forms Plugin <= 2.0.3 is vulnerable to Broken Access Control

Software Everest Forms Type Plugin Vulnerable versions = 2.0.3 Fixed in 2.0.3.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-51377 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 8b5448fc86fc Credits Revan Arifio Required privile...