Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Unauthenticated remote HTTP retrieval of enumerable files (AV:N/AC:L/PR:N/UI:N) with sensitive-data disclosure only, so C:H and I/A:N.
Primary rating from Vendor (WPScan).
CVSS VectorVendor: WPScan
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via predictable, enumerable filenames.
AnalysisAI
Information disclosure in the Everest Forms WordPress plugin before 3.5.0 allows unauthenticated remote attackers to download other users' form submissions. The plugin generates temporary CSV files during email-notification processing but fails to reliably delete them, leaving them publicly accessible in the wp-content uploads directory under predictable, enumerable filenames. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the target site uses Everest Forms (before 3.5.0) with email-notification processing that generates the temporary CSV files, and that those files remain in the publicly served wp-content/uploads directory. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are largely consistent and point to a genuine but moderate real-world risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker identifies a WordPress site running a vulnerable Everest Forms version and scripts requests against the uploads directory, iterating over the predictable CSV filename pattern. Because retrieval requires no authentication or user interaction, each successful guess returns another user's form submission data (names, emails, and any other collected fields). … |
| Remediation | Vendor-released patch: upgrade Everest Forms to version 3.5.0 or later, which corrects the temporary-file cleanup and storage behavior; this is the primary and recommended fix (advisory: https://wpscan.com/vulnerability/4bd381e9-2f4e-4e61-99af-88f50aed71f5/). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Inventory all WordPress installations using Everest Forms and identify vulnerable versions (before 3.5.0). …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Everest Forms
View allThe Everest Forms - Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is
The Everest Forms - Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is
Unauthenticated remote attackers can completely bypass access controls on Everest Forms REST API endpoints in all plugin
The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter befo
A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Rated critical sever
The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow h
The Everest Forms (Pro) WordPress plugin versions up to 1.9.4 contain an arbitrary file deletion vulnerability in the de
The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow h
The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including
Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest
The The Everest Forms - Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42508
GHSA-32jc-cm64-7hx3