CVE-2025-26841

Medium CVSS: 6.1

Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code via a file upload.

Vendor

Product

CWE

Yayın Tarihi

2025-05-12 15:15:59

Güncelleme

2025-07-01 19:35:16

Source Identifier

cve@mitre.org

KEV Date Added

CWE-79 Everest Forms MEDIUM Wpeverest 2025

https://everestforms.net https://gist.github.com/knilkantha/71458e9a787157653d5603fe6880bc05

Critical

CVE-2025-60210

Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms - Frontend Listing everest-forms-frontend-lis…

High

CVE-2025-5927

The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path vali…

Medium

CVE-2024-8542

The Everest Forms WordPress plugin before 3.0.3.1 does not sanitise and escape some of its settings, which could allow…

Medium

CVE-2025-39400

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Reg…

High

CVE-2025-2594

The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when…

High

CVE-2025-2563

The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when…