Skip to main content

Everest Forms CVE-2026-11571

| EUVDEUVD-2026-42508 HIGH
2026-07-09 WPScan GHSA-32jc-cm64-7hx3
7.5
CVSS 3.1 · Vendor: WPScan
Share

Severity by source

Vendor (WPScan) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
7.5 HIGH

Unauthenticated remote HTTP retrieval of enumerable files (AV:N/AC:L/PR:N/UI:N) with sensitive-data disclosure only, so C:H and I/A:N.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (WPScan).

CVSS VectorVendor: WPScan

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

5
Analysis Generated
Jul 09, 2026 - 16:47 vuln.today
CVSS changed
Jul 09, 2026 - 16:22 NVD
7.5 (None) 7.5 (HIGH)
Patch available
Jul 09, 2026 - 08:01 EUVD
CVE Published
Jul 09, 2026 - 06:00 cve.org
HIGH 7.5
CVE Published
Jul 09, 2026 - 06:00 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via predictable, enumerable filenames.

AnalysisAI

Information disclosure in the Everest Forms WordPress plugin before 3.5.0 allows unauthenticated remote attackers to download other users' form submissions. The plugin generates temporary CSV files during email-notification processing but fails to reliably delete them, leaving them publicly accessible in the wp-content uploads directory under predictable, enumerable filenames. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify site running vulnerable Everest Forms
Delivery
Enumerate predictable CSV filenames in uploads
Exploit
Request temp CSV files over HTTP
Execution
Retrieve other users' submission records
Impact
Exfiltrate leaked PII

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target site uses Everest Forms (before 3.5.0) with email-notification processing that generates the temporary CSV files, and that those files remain in the publicly served wp-content/uploads directory. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are largely consistent and point to a genuine but moderate real-world risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker identifies a WordPress site running a vulnerable Everest Forms version and scripts requests against the uploads directory, iterating over the predictable CSV filename pattern. Because retrieval requires no authentication or user interaction, each successful guess returns another user's form submission data (names, emails, and any other collected fields). …
Remediation Vendor-released patch: upgrade Everest Forms to version 3.5.0 or later, which corrects the temporary-file cleanup and storage behavior; this is the primary and recommended fix (advisory: https://wpscan.com/vulnerability/4bd381e9-2f4e-4e61-99af-88f50aed71f5/). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Inventory all WordPress installations using Everest Forms and identify vulnerable versions (before 3.5.0). …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-1128 CRITICAL
9.8 Feb 25

The Everest Forms - Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is

CVE-2025-3439 CRITICAL
9.8 Apr 11

The Everest Forms - Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is

CVE-2026-12270 MEDIUM POC
6.5 Jul 09

Unauthenticated remote attackers can completely bypass access controls on Everest Forms REST API endpoints in all plugin

CVE-2021-24907 MEDIUM POC
6.1 Dec 21

The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter befo

CVE-2019-13575 CRITICAL
9.8 Jul 18

A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Rated critical sever

CVE-2024-10471 MEDIUM POC
4.8 Nov 26

The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow h

CVE-2025-5927 HIGH
7.5 Jun 25

The Everest Forms (Pro) WordPress plugin versions up to 1.9.4 contain an arbitrary file deletion vulnerability in the de

CVE-2024-13125 LOW POC
3.5 Feb 13

The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow h

CVE-2024-1812 HIGH
7.2 Apr 09

The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including

CVE-2025-26841 MEDIUM
6.1 May 12

Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code

CVE-2023-51695 MEDIUM
5.9 Feb 01

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest

CVE-2025-3422 MEDIUM
5.4 Apr 11

The The Everest Forms - Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress

Share

CVE-2026-11571 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy