Everest forms – contact form, payment form, quiz, survey & custom form builder
This hub aggregates every CVE we track for Everest forms – contact form, payment form, quiz, survey & custom form builder, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
8
CVEs tracked
3
Critical
2
High
0
In CISA KEV
Severity distribution
MEDIUM3CRITICAL3HIGH2
Monthly trend
0
0
0
0
0
0
0
1
0
3
0
0
0
0
0
0
0
0
0
0
0
2
1
0
2024-072026-06
Latest CVEs
The 8 most recently published vulnerabilities affecting Everest forms – contact form, payment form, quiz, survey & custom form builder.
- CVE-2026-4888Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder <= 3.4.7 - Missing Authorization to Authenticated (Subscriber+) Email Sending4.3
- CVE-2026-5478Everest Forms <= 3.4.4 - Unauthenticated Arbitrary File Read and Deletion via Upload Field 'old_files' Parameter8.1
- CVE-2026-3296Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata9.8
- CVE-2025-3421Everest Forms <= 3.1.1 - Reflected Cross-Site Scripting6.1
- CVE-2025-3422Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution5.4
- CVE-2025-3439Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection9.8
- CVE-2025-1128Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion9.8
- CVE-2024-1812Everest Forms <= 2.0.7 - Unauthenticated Server-Side Request Forgery via font_url7.2
Product normalization is registry-driven with AI assist and human review. How it works