Wpeverest Everest Forms Pro
4 CVEs affecting Wpeverest Everest Forms Pro. Latest disclosed: 2026-03-31. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-3300 | Critical | 9.8 | 2026-03-31 | The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is… |
CVE-2025-5927 | High | 7.5 | 2025-06-25 | The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() func… |
CVE-2026-27070 | High | 7.1 | 2026-03-19 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms Pro allows Stored XSS.This issue… |
CVE-2025-8871 | Medium | 5.6 | 2025-11-05 | The Everest Forms (Pro) plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted… |