CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13125 – Everest Forms < 3.0.8.1 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-13125
17 Jan 2025 — The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.... • https://wpscan.com/vulnerability/f60a8358-1765-4cae-9c89-0d75c5e394ec • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10471 – Everest Forms < 3.0.4.2 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-10471
05 Nov 2024 — The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). El complemento Everest Forms para WordPress anterior a la versión 3.0.4.2 no desinfecta ni escapa de algunas de sus configuraciones, lo que podría permitir que usuarios con privilegios elevados como el administrador realic... • https://wpscan.com/vulnerability/85d590c9-c96d-40c9-aa59-48302ba3d63c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8542 – Everest Forms <= 3.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-8542
01 Aug 2024 — The Everest Forms – Build Contact Forms, Surveys, Polls, Quizzes, Newsletter & Application Forms, and Many More with Ease! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page... • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51695 – WordPress Everest Forms Plugin <= 2.0.4.1 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-51695
27 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! allows Stored XSS.This issue affects Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease!: from n/a through 2.0.4.1. La vulnerabilidad de neutralización incorrecta de la entrada durante de generación de páginas web ('Cross-site Scripting') en WPEverest Everest Forms – ... • https://patchstack.com/database/vulnerability/everest-forms/wordpress-everest-forms-plugin-2-0-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51377 – WordPress Everest Forms plugin <= 2.0.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51377
26 Dec 2023 — Missing Authorization vulnerability in WPEverest Everest Forms.This issue affects Everest Forms: from n/a through 2.0.3. Vulnerabilidad de autorización faltante en WPEverest Everest Forms. Este problema afecta a Everest Forms: desde n/a hasta 2.0.3. The Everest Forms plugin for WordPress is vulnerable to unauthorized form submission due to a missing validation check in the do_task function in versions up to, and including, 2.0.3. This makes it possible for unauthenticated attackers to submit disabled forms. • https://patchstack.com/database/vulnerability/everest-forms/wordpress-everest-forms-plugin-2-0-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24907 – Everest Forms < 1.8.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24907
22 Nov 2021 — The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue El plugin Contact Form, Drag and Drop Form Builder para WordPress versiones anteriores a 1.8.0, no escapa del parámetro status antes de devolverlo en un atributo, conllevando a un problema de tipo Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/56dae1ae-d5d2-45d3-8991-db69cc47ddb7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2019-13575 – Contact Form, Drag and Drop Form Builder for WordPress – Everest Forms <= 1.4.9 - SQL Injection
https://notcve.org/view.php?id=CVE-2019-13575
18 Jul 2019 — A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php Existe una vulnerabilidad de inyección de SQL en el plugin WPEverest Everest Forms para WordPress hasta 1.4.9. La explotación con éxito de esta vulnerabilidad permitiría a un atacante remoto ejecutar comandos SQL arbitrarios en el sistema afe... • https://fortiguard.com/zeroday/FG-VD-19-096 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •