All 7 CVE vulnerabilities found in Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder, with AI-generated Chinese analysis, references, and POCs.

Vendor: wpeverest

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-5478 | Everest Forms <= 3.4.4 - Unauthenticated Arbitrary File Read and Deletion via Upload Field 'old_files' Parameter | CWE-22 | 8.1 | High | 2026-04-20 |
| CVE-2026-3296 | Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata | CWE-502 | 9.8 | Critical | 2026-04-08 |
| CVE-2025-3421 | Everest Forms <= 3.1.1 - Reflected Cross-Site Scripting | CWE-79 | 6.1 | Medium | 2025-04-11 |
| CVE-2025-3439 | Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection | CWE-502 | 9.8 | Critical | 2025-04-11 |
| CVE-2025-3422 | Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | CWE-94 | 5.4 | Medium | 2025-04-11 |
| CVE-2025-1128 | Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion | CWE-434 | 9.8 | Critical | 2025-02-25 |
| CVE-2024-1812 | Everest Forms <= 2.0.7 - Unauthenticated Server-Side Request Forgery via font_url | CWE-918 | 7.2 | High | 2024-04-09 |