wpeverest — Vulnerabilities & Security Advisories 44

Browse all 44 CVE security advisories affecting wpeverest. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by wpeverest:User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder User Registration Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder Everest Forms Pro Everest Forms Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease!User Registration PRO – Custom Registration Form, Login Form, and User Profile WordPress Plugin Everest Forms - Frontend Listing

CVE ID	Title	CVSS	Severity	Published
CVE-2025-1511	User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.0.4 - Reflected Cross-Site Scripting — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login BuilderCWE-79	6.1	Medium	2025-02-28
CVE-2025-1128	Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion — Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form BuilderCWE-434	9.8	Critical	2025-02-25
CVE-2023-29429	WordPress User Registration plugin <= 2.3.2.1 - Broken Access Control vulnerability — User RegistrationCWE-862	5.3	Medium	2024-12-09
CVE-2023-51377	WordPress Everest Forms plugin <= 2.0.3 - Broken Access Control vulnerability — Everest FormsCWE-862	5.3	Medium	2024-06-14
CVE-2024-4958	User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.2.0.1 - Missing Authorization to Privilege Escalation — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login BuilderCWE-862	7.1	High	2024-06-01
CVE-2024-2417	User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login BuilderCWE-862	8.8	High	2024-05-02
CVE-2024-3295	User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Unauthenticated Media Deletion — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login BuilderCWE-862	6.5	Medium	2024-05-02
CVE-2024-1812	Everest Forms <= 2.0.7 - Unauthenticated Server-Side Request Forgery via font_url — Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form BuilderCWE-918	7.2	High	2024-04-09
CVE-2023-27459	WordPress User Registration plugin <= 2.3.2.1 - Authenticated PHP Object Injection vulnerability — User RegistrationCWE-502	7.4	High	2024-03-26
CVE-2024-1720	User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.4 - Unauthenticated Stored Self-Based Cross-Site Scripting — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login BuilderCWE-79	4.7	Medium	2024-03-07
CVE-2023-51695	WordPress Everest Forms Plugin <= 2.0.4.1 is vulnerable to Cross Site Scripting (XSS) — Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease!CWE-79	5.9	Medium	2024-02-01
CVE-2023-3342	User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login BuilderCWE-434	9.9	Critical	2023-07-13
CVE-2023-3343	User Registration <= 3.0.1 - Authenticated (Subscriber+) PHP Object Injection — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login BuilderCWE-502	8.8	High	2023-07-13
CVE-2023-23987	WordPress User Registration plugin <= 2.3.0 - Cross Site Scripting (XSS) — User RegistrationCWE-79	5.9	Medium	2023-04-06

This page lists every published CVE security advisory associated with wpeverest. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

wpeverest — Vulnerabilities & Security Advisories 44