Vulnerabilities > Wpeverest > Everest Forms > 3.0.7.1

DATE CVE VULNERABILITY TITLE RISK
2025-04-11 CVE-2025-3421 Cross-site Scripting vulnerability in Wpeverest Everest Forms
The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'form_id' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping.
network
low complexity
wpeverest CWE-79
6.1
6.1
2025-04-11 CVE-2025-3422 Code Injection vulnerability in Wpeverest Everest Forms
The The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1.
network
low complexity
wpeverest CWE-94
6.3
6.3
2025-04-11 CVE-2025-3439 Deserialization of Untrusted Data vulnerability in Wpeverest Everest Forms
The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'field_value' parameter.
network
low complexity
wpeverest CWE-502
critical
 9.8
9.8