Everest forms – contact form, payment form, quiz, survey & custom form builder
This hub aggregates every CVE we track for Everest forms – contact form, payment form, quiz, survey & custom form builder, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
3
CVEs tracked
1
Critical
1
High
0
In CISA KEV
Severity distribution
HIGH1MEDIUM1CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2
1
0
0
2024-082026-07
Latest CVEs
The 3 most recently published vulnerabilities affecting Everest forms – contact form, payment form, quiz, survey & custom form builder.
- CVE-2026-4888Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder <= 3.4.7 - Missing Authorization to Authenticated (Subscriber+) Email Sending4.3
- CVE-2026-5478Everest Forms <= 3.4.4 - Unauthenticated Arbitrary File Read and Deletion via Upload Field 'old_files' Parameter8.1
- CVE-2026-3296Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata9.8
Product normalization is registry-driven with AI assist and human review. How it works