5.3

CVE-2026-22422

WordPress Everest Forms plugin <= 3.4.1 - Arbitrary Shortcode Execution vulnerability

Everest Forms <= 3.4.1 - Unauthenticated Arbitrary Shortcode Execution

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in wpeverest Everest Forms everest-forms allows Code Injection.This issue affects Everest Forms: from n/a through <= 3.4.1.
Mögliche Gegenmaßnahme
Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder with AI: Update to version 3.4.2, or a newer patched version
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellerwpeverest
Produkt Everest Forms
Default Statusunaffected
Version <= 3.4.1
Version 0
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder with AI
Version *-3.4.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.126
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

https://patchstack.com/database/Wordpress/Plugin/everest-forms/vulnerability/wordpress-everest-forms-plugin-3-4-1-arbitrary-shortcode-execution-vulnerability?_s_id=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/8b8c85f2-11c7-491f-9b91-0ddf4814e40d
Third Party Advisory