Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Everest Forms – Build Contact Forms, Surveys, Polls, Quizzes, Newsletter & Application Forms, and Many More with Ease! 3.0.4.1

  • Severity: medium-risk
  • Status: Fixed
  • Publication: November 5, 2024

The Everest Forms plugin for WordPress, which is used to create various types of forms, is at risk for an attack called Stored Cross-Site Scripting. This means that certain parts of the plugin’s code do not properly protect against malicious code being inserted into forms. This vulnerability can only be exploited by someone who has administrator-level access to the website and can potentially harm users who access the affected pages. This issue only affects certain types of WordPress installations.

Detected in:

Contact Form by Everest Forms – Simple Contact Form to Advanced Contact Form, Quiz, Survey, & Custom Contact Form Builder for WordPress fixed vulnerable versions:
Everest Forms – Build Contact Forms, Surveys, Polls, Quizzes, Newsletter & Application Forms, and Many More with Ease! fixed vulnerable versions:
Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder fixed vulnerable versions:
Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress fixed vulnerable versions:
Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress fixed vulnerable versions:
Everest Forms – WP Form Builder for Contact, Payment, Quiz, Newsletter, Survey & Poll! fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.