CVE-2024-8542

Medium CVSS: 4.8

The Everest Forms WordPress plugin before 3.0.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Vendor

Wpeverest

Product

Everest Forms

CWE

CWE-79

Yayın Tarihi

2025-05-15 20:15:58

Güncelleme

2025-06-04 20:08:44

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

CWE-79 Everest Forms MEDIUM Wpeverest 2025

Referanslar

https://wpscan.com/vulnerability/e5f94dcf-a6dc-4c4c-acb6-1a7ead701053/

Benzer Kayıtlar

Critical

CVE-2025-60210

Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms - Frontend Listing everest-forms-frontend-lis…

High

CVE-2025-5927

The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path vali…

Medium

CVE-2025-26841

Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code…

Medium

CVE-2025-39400

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Reg…

High

CVE-2025-2594

The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when…

High

CVE-2025-2563

The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when…