Everest Forms Security Vulnerabilities and Issues — Everest Forms CVE List

Lucene search

WpeverestEverest Forms

4 matches found

CVE•added 2024/04/09 7:15 p.m.•78 views

CVE-2024-1812

The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the 'font_url' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can...

7.2CVSS9.1AI score0.00465EPSS

Web

CVE•added 2024/06/14 6:15 a.m.•43 views

CVE-2023-51377

Missing Authorization vulnerability in WPEverest Everest Forms.This issue affects Everest Forms: from n/a through 2.0.3.

5.3CVSS5.3AI score0.00202EPSS

CVE•added 2024/11/26 6:15 a.m.•37 views

CVE-2024-10471

The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8CVSS4.7AI score0.00057EPSS

CVE•added 2024/02/01 11:15 a.m.•32 views

CVE-2023-51695

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! allows Stored XSS.This issue affects Everest Forms – Build Contact Forms, Surveys, Polls, Appli...

5.9CVSS5.1AI score0.00058EPSS