VYPR

Everest Forms (Pro)

by WordPress

CVEs (2)

  • CVE-2025-5927HigJun 25, 2025
    risk 0.42cvss 7.5epss 0.01

    The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to delete…

  • CVE-2025-8871MedNov 5, 2025
    risk 0.36cvss 5.6epss 0.00

    The Everest Forms (Pro) plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the mime_content_type() function. This makes it possible for unauthenticated attackers to inject a PHP Object.…