VYPR

Everest

by WordPress

CVEs (5)

  • CVE-2025-8871MedNov 5, 2025
    risk 0.36cvss 5.6epss 0.00

    The Everest Forms (Pro) plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the mime_content_type() function. This makes it possible for unauthenticated attackers to inject a PHP Object.…

  • CVE-2025-3421MedApr 11, 2025
    risk 0.33cvss 6.1epss 0.00

    The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'form_id' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization…

  • CVE-2024-8542May 15, 2025
    risk 0.00cvss epss 0.00

    The Everest Forms WordPress plugin before 3.0.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…

  • CVE-2025-3422Apr 11, 2025
    risk 0.00cvss epss 0.00

    The The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. This is due to the software allowing users to execute an action…

  • CVE-2025-3439Apr 11, 2025
    risk 0.00cvss epss 0.01

    The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'field_value' parameter. This…