CVE-2024-13125

Low CVSS: 3.5

The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Vendor

Wpeverest

Product

Everest Forms

CWE

CWE-79

Yayın Tarihi

2025-02-13 06:15:21

Güncelleme

2025-05-21 18:52:17

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

CWE-79 Everest Forms LOW Wpeverest 2025

Referanslar

https://wpscan.com/vulnerability/f60a8358-1765-4cae-9c89-0d75c5e394ec/

Benzer Kayıtlar

Critical

CVE-2025-60210

Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms - Frontend Listing everest-forms-frontend-lis…

High

CVE-2025-5927

The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path vali…

Medium

CVE-2024-8542

The Everest Forms WordPress plugin before 3.0.3.1 does not sanitise and escape some of its settings, which could allow…

Medium

CVE-2025-26841

Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code…

Medium

CVE-2025-39400

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Reg…

High

CVE-2025-2594

The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when…