Skip to main content

Everest Forms CVE-2026-12270

| EUVDEUVD-2026-42511 MEDIUM
2026-07-09 WPScan GHSA-v4gv-5wcc-cjvx
6.5
CVSS 3.1 · Vendor: WPScan
Share

Severity by source

Vendor (WPScan) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
vuln.today AI
6.5 MEDIUM

Network-reachable REST API requires no credentials; impact confined to partial config read and write plus email triggering, with no availability or scope change.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (WPScan).

CVSS VectorVendor: WPScan

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

5
Analysis Generated
Jul 09, 2026 - 17:17 vuln.today
CVSS changed
Jul 09, 2026 - 16:22 NVD
6.5 (None) 6.5 (MEDIUM)
Patch available
Jul 09, 2026 - 08:01 EUVD
CVE Published
Jul 09, 2026 - 06:00 cve.org
MEDIUM 6.5
CVE Published
Jul 09, 2026 - 06:00 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

The Everest Forms WordPress plugin before 3.5.0 does not correctly restrict access to several REST API endpoints belonging to its onboarding assistant: the capability check is only applied when an attacker-controllable request header holds a specific value, so it can be bypassed by omitting or changing that header. This makes it possible for unauthenticated attackers to read onboarding status information, modify the related Everest Forms WordPress plugin before 3.5.0 options, and trigger an email from the site to an arbitrary address.

AnalysisAI

Unauthenticated remote attackers can completely bypass access controls on Everest Forms REST API endpoints in all plugin versions before 3.5.0, enabling them to read onboarding status data, modify plugin settings, and send emails from the WordPress site to arbitrary addresses. The flaw arises because the capability check is conditioned on an attacker-controllable HTTP request header - omitting or altering that header disables the authorization gate entirely. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify WordPress site running Everest Forms <3.5.0
Delivery
Send unauthenticated REST API request with header omitted or altered
Exploit
Authorization capability check bypassed
Execution
Read onboarding configuration or modify plugin settings
Impact
Trigger site outbound email to attacker-controlled address

Vulnerability AssessmentAI

Exploitation The target WordPress site must have the Everest Forms plugin installed and active in a version from 3.4.2 up to (not including) 3.5.0. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 6.5 Medium score (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) accurately reflects easy network exploitation with no authentication, but correctly scores limited impact - partial read and write, no availability or scope change. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker sends HTTP requests to Everest Forms onboarding REST API endpoints while deliberately omitting or modifying the header value that normally activates the capability check, causing the authorization gate to be skipped entirely. The attacker reads onboarding configuration data, modifies plugin options to alter site behavior, and triggers outbound email from the WordPress site to an attacker-chosen address - enabling phishing or spam campaigns using the site's legitimate domain and mail infrastructure. …
Remediation Update Everest Forms to version 3.5.0 or later; this is the vendor-released patch that corrects the broken authorization logic. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-11571 HIGH POC
7.5 Jul 09

Information disclosure in the Everest Forms WordPress plugin before 3.5.0 allows unauthenticated remote attackers to dow

CVE-2025-1128 CRITICAL
9.8 Feb 25

The Everest Forms - Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is

CVE-2025-3439 CRITICAL
9.8 Apr 11

The Everest Forms - Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is

CVE-2021-24907 MEDIUM POC
6.1 Dec 21

The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter befo

CVE-2019-13575 CRITICAL
9.8 Jul 18

A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Rated critical sever

CVE-2024-10471 MEDIUM POC
4.8 Nov 26

The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow h

CVE-2025-5927 HIGH
7.5 Jun 25

The Everest Forms (Pro) WordPress plugin versions up to 1.9.4 contain an arbitrary file deletion vulnerability in the de

CVE-2024-13125 LOW POC
3.5 Feb 13

The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow h

CVE-2024-1812 HIGH
7.2 Apr 09

The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including

CVE-2025-26841 MEDIUM
6.1 May 12

Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code

CVE-2023-51695 MEDIUM
5.9 Feb 01

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest

CVE-2025-3422 MEDIUM
5.4 Apr 11

The The Everest Forms - Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress

Share

CVE-2026-12270 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy