cleantalk
Vulnerabilities and Security Researches

Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease!, CVE-2025-3422

CVE, Research URL

CVE-2025-3422

Home page URL

Security reports for Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease!

Application

Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease!

Published on
Apr 11, 2025
Research Description
The The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.
Affected versions
Min -, max 3.1.2.
Status
vulnerable
Previous vulnerability researches
wpShopGermany IT-RECHT KANZLEI (CVE-2025-30804) , Apr 03, 2025
wpShopGermany IT-RECHT KANZLEI (CVE-2023-37993) , Jun 07, 2024
New vulnerability
Rating by BestWebSoft (CVE-2025-39527) , Apr 19, 2025
Delete All Posts (CVE-2025-23773) , Apr 19, 2025
Sponsered Link (CVE-2025-22692) , Apr 19, 2025
Bknewsticker (CVE-2025-39433) , Apr 19, 2025
Download Manager (CVE-2025-3056) , Apr 19, 2025