Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! 2.0.3

  • Severity: medium-risk
  • Status: Fixed
  • Publication: December 26, 2023

The Everest Forms plugin for WordPress is potentially vulnerable to unauthorized form submission. This means that attackers who are not authenticated (logged in) may be able to submit forms that are disabled. The vulnerability is present in versions up to and including 2.0.3 of the plugin and is due to a missing validation check in the do_task function.

Detected in:

Contact Form by Everest Forms – Simple Contact Form to Advanced Contact Form, Quiz, Survey, & Custom Contact Form Builder for WordPress fixed vulnerable versions:
Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! fixed vulnerable versions: >= * <= 2.0.3
Everest Forms – Build Contact Forms, Surveys, Polls, Quizzes, Newsletter & Application Forms, and Many More with Ease! fixed vulnerable versions:
Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder fixed vulnerable versions:
Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress fixed vulnerable versions:
Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress fixed vulnerable versions:
Everest Forms – WP Form Builder for Contact, Payment, Quiz, Newsletter, Survey & Poll! fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.