wpeverest
Web & CMS Pluginscommercial
Latest CVEs
The 15 most recently published vulnerabilities affecting wpeverest.
- CVE-2026-7651User Registration & Membership <= 5.1.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Media Deletion via 'profile-pic-url' Parameter5.3
- CVE-2026-4888Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder <= 3.4.7 - Missing Authorization to Authenticated (Subscriber+) Email Sending4.3
- CVE-2026-6145User Registration & Membership <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter5.3
- CVE-2026-3601User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Limited Page Content Modification4.3
- CVE-2026-4882User Registration Advanced Fields <= 1.6.20 - Unauthenticated Arbitrary File Upload9.8
- CVE-2026-42652WordPress User Registration plugin <= 5.1.5 - Cross Site Scripting (XSS) vulnerability7.1
- CVE-2026-5478Everest Forms <= 3.4.4 - Unauthenticated Arbitrary File Read and Deletion via Upload Field 'old_files' Parameter8.1
- CVE-2026-6203User Registration & Membership <= 5.1.4 - Unauthenticated Open Redirect via 'redirect_to_on_logout' Parameter6.1
- CVE-2026-1865User Registration & Membership <= 5.1.2 - Authenticated (Subscriber+) SQL Injection via membership_ids[]6.5
- CVE-2026-3296Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata9.8
- CVE-2026-3300Everest Forms Pro <= 1.9.12 - Unauthenticated Remote Code Execution via Calculation Field9.8
- CVE-2026-32488WordPress User Registration plugin <= 4.4.9 - Privilege Escalation vulnerability8.1
- CVE-2026-4056User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulation5.4
- CVE-2026-27070WordPress Everest Forms Pro plugin <= 1.9.10 - Cross Site Scripting (XSS) vulnerability7.1
- CVE-2026-1492User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration9.8