Wpeverest Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder
8 CVEs affecting Wpeverest Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder. Latest disclosed: 2026-05-28. Critical: 3, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-3296 | Critical | 9.8 | 2026-04-08 | The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3 via deserialization of untrusted input… |
CVE-2025-3439 | Critical | 9.8 | 2025-04-11 | The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in a… |
CVE-2025-1128 | Critical | 9.8 | 2025-02-25 | The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, r… |
CVE-2026-5478 | High | 8.1 | 2026-04-20 | The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all versions up to, and including, 3.4.4. This is due to the plugin… |
CVE-2024-1812 | High | 7.2 | 2024-04-09 | The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the 'font_url' parameter. T… |
CVE-2025-3421 | Medium | 6.1 | 2025-04-11 | The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scri… |
CVE-2025-3422 | Medium | 5.4 | 2025-04-11 | The The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode e… |
CVE-2026-4888 | Medium | 4.3 | 2026-05-28 | The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to unauthorized email sending due to a mi… |