cleantalk
Vulnerabilities and Security Researches

Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease!, CVE-2026-4888

CVE, Research URL

CVE-2026-4888

Home page URL

Security reports for Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease!

Application

Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease!

Published on
May 28, 2026
Research Description
The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_email() function in all versions up to, and including, 3.4.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to send test emails to arbitrary addresses from the server.
Affected versions
max 3.4.8.
Status
vulnerable
Previous vulnerability researches
School Management System – WPSchoolPress (CVE-2021-24664) , Jun 06, 2024
School Management System – WPSchoolPress (CVE-2021-24575) , Jun 06, 2024
School Management System – WPSchoolPress (CVE-2023-4776) , Jun 06, 2024
School Management System – WPSchoolPress (CVE-2025-1668) , Mar 16, 2025
School Management System – WPSchoolPress (CVE-2025-1669) , Mar 16, 2025
New vulnerability
Breeze – WordPress Cache Plugin (CVE-2026-2128) , May 30, 2026
Frontend Admin by DynamiApps (CVE-2026-6226) , May 30, 2026
Frontend Admin by DynamiApps (CVE-2026-7802) , May 30, 2026
EventPress (CVE-2026-6268) , May 30, 2026
WPComplete (CVE-2026-42750) , May 30, 2026