Everest forms
This hub aggregates every CVE we track for Everest forms, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
15
CVEs tracked
3
Critical
2
High
0
In CISA KEV
Severity distribution
MEDIUM9CRITICAL3HIGH2LOW1
Monthly trend
0
0
0
0
1
0
0
2
0
3
2
1
0
0
0
0
0
0
0
1
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Everest forms.
- CVE-2026-22422WordPress Everest Forms plugin <= 3.4.1 - Arbitrary Shortcode Execution vulnerability5.3
- CVE-2025-5927Everest Forms (Pro) <= 1.9.4 - Unauthenticated Path Traversal to Arbitrary File Deletion7.5
- CVE-2024-8542Everest Forms < 3.0.3.1 - Admin+ Stored XSS4.8
- CVE-2025-26841Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code via a file upload.6.1
- CVE-2025-3422Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution5.4
- CVE-2025-3421Everest Forms <= 3.1.1 - Reflected Cross-Site Scripting6.1
- CVE-2025-3439Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection9.8
- CVE-2025-1128Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion9.8
- CVE-2024-13125Everest Forms < 3.0.8.1 - Admin+ Stored XSS3.5
- CVE-2024-10471Everest Forms < 3.0.4.2 - Admin+ Stored XSS4.8
- CVE-2023-51377WordPress Everest Forms plugin <= 2.0.3 - Broken Access Control vulnerability5.3
- CVE-2024-1812Everest Forms <= 2.0.7 - Unauthenticated Server-Side Request Forgery via font_url7.2
- CVE-2023-51695WordPress Everest Forms Plugin <= 2.0.4.1 is vulnerable to Cross Site Scripting (XSS)5.9
- CVE-2021-24907Everest Forms < 1.8.0 - Reflected Cross-Site Scripting6.1
- CVE-2019-13575A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary ...9.8
Product normalization is registry-driven with AI assist and human review. How it works