cleantalk
Vulnerabilities and Security Researches

Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease!, CVE-2026-4888

CVE, Research URL

CVE-2026-4888

Home page URL

Security reports for Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease!

Application

Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease!

Published on
May 28, 2026
Research Description
The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_email() function in all versions up to, and including, 3.4.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to send test emails to arbitrary addresses from the server.
Affected versions
max 3.4.8.
Status
vulnerable
Previous vulnerability researches
Disable Comments for Any Post Types (Remove comments) (CVE-2026-42749) , May 29, 2026
New vulnerability
Breeze – WordPress Cache Plugin (CVE-2026-2128) , May 30, 2026
Frontend Admin by DynamiApps (CVE-2026-6226) , May 30, 2026
Frontend Admin by DynamiApps (CVE-2026-7802) , May 30, 2026
EventPress (CVE-2026-6268) , May 30, 2026
WPComplete (CVE-2026-42750) , May 30, 2026