Everest Forms@* Security Vulnerabilities and Issues — Everest Forms@* CVE List

Lucene search

WpeverestEverest Forms*

15 matches found

CVE•added 2025/02/25 7:15 a.m.•140 views

CVE-2025-1128

The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file type and path validation in the 'format' method of the EVF_Form_Fields_Upload class in all versions up...

9.8CVSS7.1AI score0.0124EPSS

CVE•added 2025/04/11 1:15 p.m.•105 views

CVE-2025-3439

The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'field_value' parameter. This makes it possible for ...

9.8CVSS9.7AI score0.00732EPSS

CVE•added 2024/04/09 7:15 p.m.•78 views

CVE-2024-1812

The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the 'font_url' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can...

7.2CVSS9.1AI score0.00465EPSS

CVE•added 2019/07/18 3:15 p.m.•73 views

CVE-2019-13575

A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php

9.8CVSS9.9AI score0.02087EPSS

CVE•added 2025/02/13 6:15 a.m.•51 views

CVE-2024-13125

The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

3.5CVSS5.7AI score0.00038EPSS

CVE•added 2025/04/11 1:15 p.m.•51 views

CVE-2025-3422

The The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. This is due to the software allowing users to execute an action that does not properly...

6.3CVSS5.7AI score0.00064EPSS

CVE•added 2025/04/11 1:15 p.m.•49 views

CVE-2025-3421

The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'form_id' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. Th...

6.1CVSS6AI score0.00134EPSS

CVE•added 2021/12/21 9:15 a.m.•44 views

CVE-2021-24907

The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue

6.1CVSS6.1AI score0.00471EPSS

CVE•added 2024/06/14 6:15 a.m.•43 views

CVE-2023-51377

Missing Authorization vulnerability in WPEverest Everest Forms.This issue affects Everest Forms: from n/a through 2.0.3.

5.3CVSS5.3AI score0.00202EPSS

CVE•added 2024/11/26 6:15 a.m.•37 views

CVE-2024-10471

The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8CVSS4.7AI score0.00038EPSS

CVE•added 2025/05/12 3:15 p.m.•34 views

CVE-2025-26841

Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code via a file upload.

6.1CVSS7.4AI score0.00049EPSS

CVE•added 2024/02/01 11:15 a.m.•32 views

CVE-2023-51695

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! allows Stored XSS.This issue affects Everest Forms – Build Contact Forms, Surveys, Polls, Appli...

5.9CVSS5.1AI score0.00058EPSS

CVE•added 2025/05/15 8:15 p.m.•14 views

CVE-2024-8542

The Everest Forms WordPress plugin before 3.0.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8CVSS5.7AI score0.00039EPSS

CVE•added 2025/06/25 10:15 a.m.•9 views

CVE-2025-5927

The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the serv...

7.5CVSS8.1AI score0.00471EPSS

CVE•added 2025/06/27 12:15 p.m.•8 views

CVE-2025-52709

Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms allows Object Injection. This issue affects Everest Forms: from n/a through 3.2.2.

9.8CVSS6.5AI score0.00054EPSS