CVE-2026-3296 (CVSS 9.8)

Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata

The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3 via deserialization of untrusted input from form entry metadata. This is due to the html-admin-page-entries-view.php file calling PHP's native unserialize() on stored entry meta values without passing the allowed_classes parameter. This makes it possible for unauthenticated attackers to inject a serialized PHP object payload through any public Everest Forms form field. The payload survives sanitize_text_field() sanitization (serialization control characters are not stripped) and is stored in the wp_evf_entrymeta database table. When an administrator views the entries list or an individual entry, the unsafe unserialize() call processes the stored data without class restrictions.
Possible countermeasure
Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder with AI: Update to version 3.4.4, or a newer patched version
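To make the root cause concrete, here is an added example (not Everest Forms code; all function names and sample values are constructed) contrasting the unrestricted unserialize() pattern the description names with a hardened reader that passes allowed_classes and rejects any object before the value reaches admin rendering.

```php
<?php
// Added example, not plugin code. Function names are hypothetical.

// Cheap structural check: does the stored string start like PHP serialized data?
function looks_serialized(string $s): bool
{
    return (bool) preg_match('/^(?:[abdiOCs]:|N;)/', $s);
}

// Recursively detect objects (including __PHP_Incomplete_Class) in a decoded value.
function contains_object($value): bool
{
    if (is_object($value)) {
        return true;
    }
    if (is_array($value)) {
        foreach ($value as $v) {
            if (contains_object($v)) {
                return true;
            }
        }
    }
    return false;
}

// The pattern the advisory describes: no allowed_classes, so any class on the
// autoload path may be instantiated and its magic methods run on admin view.
function read_entry_meta_unsafe(string $stored)
{
    return looks_serialized($stored) ? unserialize($stored) : $stored;
}

// Hardened reader: allowed_classes => false turns every object into
// __PHP_Incomplete_Class (no constructors/__wakeup of real classes run), and
// the result is then rejected outright if it still carries any object,
// because entry meta is expected to hold scalars and arrays only.
function read_entry_meta_safe(string $stored)
{
    if (!looks_serialized($stored)) {
        return $stored;
    }
    $value = @unserialize($stored, ['allowed_classes' => false]);
    if ($value === false && $stored !== 'b:0;') {
        return null; // malformed serialized data
    }
    return contains_object($value) ? null : $value;
}

// Constructed samples: plain text, a harmless array, and a benign stdClass
// object in the shape a stored object payload would take.
foreach (['plain text', 'a:1:{s:3:"key";s:5:"value";}', 'O:8:"stdClass":1:{s:1:"x";i:1;}'] as $s) {
    var_dump(read_entry_meta_safe($s)); // string, array, then NULL
}
```

The options argument to unserialize() requires PHP 7.0 or later; note that an `__PHP_Incomplete_Class` value re-serializes intact, which is why the safe reader drops objects rather than merely neutralizing them.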
Data provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: wpeverest
Product: Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder
Default status: unaffected
Affected versions: from 0 up to and including 3.4.3 (status: affected)
Further vulnerability information
System: WordPress Plugin
Product: Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder with AI
Version: *-3.4.3
No advisory was found for this CVE.

EPSS metrics
Type    Source     Score   Percentile
EPSS    FIRST.org  0.88%   0.543

CVSS metrics
Source                  Base Score  Exploit Score  Impact Score  Vector String
security@wordfence.com  9.8         3.9            5.9           CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://www.wordfence.com/threat-intel/vulnerabilities/id/2693ae37-790d-4b18-a9ec-054c8c27b8bc?source=cve
https://plugins.trac.wordpress.org/browser/everest-forms/tags/3.4.3/includes/admin/views/html-admin-page-entries-view.php#L133
https://plugins.trac.wordpress.org/browser/everest-forms/trunk/includes/admin/views/html-admin-page-entries-view.php#L133
https://plugins.trac.wordpress.org/browser/everest-forms/tags/3.4.3/includes/evf-core-functions.php#L5594
https://plugins.trac.wordpress.org/changeset/3489938/everest-forms/tags/3.4.4/readme.txt?old=3464753&old_path=everest-forms%2Ftags%2F3.4.3%2Freadme.txt
https://plugins.trac.wordpress.org/changeset?old_path=/everest-forms/tags/3.4.3&new_path=/everest-forms/tags/3.4.4
https://www.wordfence.com/threat-intel/vulnerabilities/id/2693ae37-790d-4b18-a9ec-054c8c27b8bc
Third Party Advisory