Wpeverest Everest Forms — known CVE vulnerabilities
Every CVE whose affected-product data names Wpeverest Everest Forms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2025-1128 — CVSS 9.8 (critical): The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to…
CVE-2019-13575 — CVSS 9.8 (critical): A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this…
CVE-2025-3439 — CVSS 9.8 (critical): The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP…
CVE-2025-5927 — CVSS 7.5 (high): The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the…
CVE-2024-1812 — CVSS 7.2 (high): The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the…
CVE-2021-24907 — CVSS 6.1 (medium): The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter before outputting it…
CVE-2025-26841 — CVSS 6.1 (medium): Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code via a file upload.
CVE-2025-3421 — CVSS 6.1 (medium): The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to…
CVE-2023-51695 — CVSS 5.9 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms – Build…
CVE-2025-3422 — CVSS 5.4 (medium): The The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to…
CVE-2023-51377 — CVSS 5.3 (medium): Missing Authorization vulnerability in WPEverest Everest Forms.This issue affects Everest Forms: from n/a through 2.0.3.
CVE-2024-10471 — CVSS 4.8 (medium): The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow high privilege users…
CVE-2024-8542 — CVSS 4.8 (medium): The Everest Forms WordPress plugin before 3.0.3.1 does not sanitise and escape some of its settings, which could allow high privilege users…
CVE-2024-13125 — CVSS 3.5 (low): The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users…