CVE-2025-60210

Critical CVSS: 9.8

Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms - Frontend Listing everest-forms-frontend-listing allows Object Injection.This issue affects Everest Forms - Frontend Listing: from n/a through <= 1.0.5.

Vendor

Wpeverest

Product

Everest Forms Frontend Listing

CWE

CWE-502

Yayın Tarihi

2025-10-22 15:15:58

Güncelleme

2026-01-20 15:17:32

Source Identifier

audit@patchstack.com

KEV Date Added

Kategoriler

CWE-502 Everest Forms Frontend Listing CRITICAL Wpeverest 2025

Referanslar

https://patchstack.com/database/Wordpress/Plugin/everest-forms-frontend-listing/vulnerability/wordpress-everest-forms-frontend-listing-plugin-1-0-5-php-object-injection-vulnerability?_s_id=cve

Benzer Kayıtlar

High

CVE-2025-5927

The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path vali…

Medium

CVE-2024-8542

The Everest Forms WordPress plugin before 3.0.3.1 does not sanitise and escape some of its settings, which could allow…

Medium

CVE-2025-26841

Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code…

Medium

CVE-2025-39400

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Reg…

High

CVE-2025-2594

The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when…

High

CVE-2025-2563

The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users to set their account role when…