Vulnerabilities in wpeverest

50 results
CVE-2025-3281 | MEDIUM | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.2.1 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion | EPSS 0.4%
CVE-2026-7651 | MEDIUM | User Registration & Membership <= 5.1.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Media Deletion via 'profile-pic-url' Parameter | EPSS 0.4%
CVE-2026-32488 | HIGH | WordPress User Registration plugin <= 4.4.9 - Privilege Escalation vulnerability | EPSS 0.3%
CVE-2023-51695 | MEDIUM | WordPress Everest Forms Plugin <= 2.0.4.1 is vulnerable to Cross Site Scripting (XSS) | EPSS 0.3%
CVE-2026-1779 | HIGH | User Registration & Membership <= 5.1.2 - Authentication Bypass | EPSS 0.3%
CVE-2024-4958 | HIGH | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.2.0.1 - Missing Authorization to Privilege Escalation | EPSS 0.3%
CVE-2025-9085 | MEDIUM | User Registration & Membership <= 4.3.0 - Authenticated (Admin+) SQL Injection | EPSS 0.3%
CVE-2023-51377 | MEDIUM | WordPress Everest Forms plugin <= 2.0.3 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2025-67956 | HIGH | WordPress User Registration plugin <= 4.4.6 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2026-1865 | MEDIUM | User Registration & Membership <= 5.1.2 - Authenticated (Subscriber+) SQL Injection via membership_ids[] | EPSS 0.3%
CVE-2025-6831 | MEDIUM | User Registration <= 4.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via urcr_restrict Shortcode | EPSS 0.3%
CVE-2026-3601 | MEDIUM | User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Limited Page Content Modification | EPSS 0.3%
CVE-2025-3421 | MEDIUM | Everest Forms <= 3.1.1 - Reflected Cross-Site Scripting | EPSS 0.3%
CVE-2025-1511 | MEDIUM | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.0.4 - Reflected Cross-Site Scripting | EPSS 0.3%
CVE-2026-4888 | MEDIUM | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder <= 3.4.7 - Missing Authorization to Authenticated (Subscriber+) Email Sending | EPSS 0.3%
CVE-2025-13367 | MEDIUM | User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | EPSS 0.3%
CVE-2025-30899 | MEDIUM | WordPress User Registration plugin <= 4.0.3 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2025-3292 | MEDIUM | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update | EPSS 0.3%
CVE-2025-3422 | MEDIUM | Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | EPSS 0.3%
CVE-2025-8871 | MEDIUM | Everest Forms (Pro) <= 1.9.7 - Unauthenticated PHP Object Injection via PHAR Deserialization in Form Signature | EPSS 0.2%