CVE-2025-26841Cross-site Scripting in Everest Forms

CWE-79Cross-site ScriptingCWE-459Incomplete Cleanup4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 59.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Wpeverest Everest Forms
Timeline
PublishedMay 12

Description

Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code via a file upload.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-g988-pqhg-r7m5: Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 32025-05-12
CVEList
CVE-2025-26841: Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 32025-05-12

📋Vendor Advisories

1
Microsoft
LoongArch: Update cpu_sibling_map when disabling nonboot CPUs2024-04-09
CVE-2025-26841 — Cross-site Scripting in Everest Forms | cvebase