Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Network-reachable REST API requires no credentials; impact confined to partial config read and write plus email triggering, with no availability or scope change.
Primary rating from Vendor (WPScan).
CVSS VectorVendor: WPScan
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
5DescriptionCVE.org
The Everest Forms WordPress plugin before 3.5.0 does not correctly restrict access to several REST API endpoints belonging to its onboarding assistant: the capability check is only applied when an attacker-controllable request header holds a specific value, so it can be bypassed by omitting or changing that header. This makes it possible for unauthenticated attackers to read onboarding status information, modify the related Everest Forms WordPress plugin before 3.5.0 options, and trigger an email from the site to an arbitrary address.
AnalysisAI
Unauthenticated remote attackers can completely bypass access controls on Everest Forms REST API endpoints in all plugin versions before 3.5.0, enabling them to read onboarding status data, modify plugin settings, and send emails from the WordPress site to arbitrary addresses. The flaw arises because the capability check is conditioned on an attacker-controllable HTTP request header - omitting or altering that header disables the authorization gate entirely. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The target WordPress site must have the Everest Forms plugin installed and active in a version from 3.4.2 up to (not including) 3.5.0. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 6.5 Medium score (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) accurately reflects easy network exploitation with no authentication, but correctly scores limited impact - partial read and write, no availability or scope change. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker sends HTTP requests to Everest Forms onboarding REST API endpoints while deliberately omitting or modifying the header value that normally activates the capability check, causing the authorization gate to be skipped entirely. The attacker reads onboarding configuration data, modifies plugin options to alter site behavior, and triggers outbound email from the WordPress site to an attacker-chosen address - enabling phishing or spam campaigns using the site's legitimate domain and mail infrastructure. … |
| Remediation | Update Everest Forms to version 3.5.0 or later; this is the vendor-released patch that corrects the broken authorization logic. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Everest Forms
View allInformation disclosure in the Everest Forms WordPress plugin before 3.5.0 allows unauthenticated remote attackers to dow
The Everest Forms - Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is
The Everest Forms - Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is
The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter befo
A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Rated critical sever
The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow h
The Everest Forms (Pro) WordPress plugin versions up to 1.9.4 contain an arbitrary file deletion vulnerability in the de
The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow h
The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including
Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest
The The Everest Forms - Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42511
GHSA-v4gv-5wcc-cjvx