CVE-2026-27070Cross-site Scripting in Everest Forms PRO

CWE-79Cross-site Scripting4 documents4 sources
Severity
7.1HIGHNVD
EPSS
0.0%
top 89.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Wpeverest Everest Forms PRO
Timeline
PublishedMar 19

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms Pro allows Stored XSS.This issue affects Everest Forms Pro: from n/a through 1.9.10.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.7

Affected Packages1 packages

CVEListV5wpeverest/everest_forms_pron/a1.9.10

🔴Vulnerability Details

2
CVEList
WordPress Everest Forms Pro plugin <= 1.9.10 - Cross Site Scripting (XSS) vulnerability2026-03-19
GHSA
GHSA-rc4c-fv77-h4vh: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms Pro allows Stored XSS2026-03-19

🕵️Threat Intelligence

1
Wiz
CVE-2026-27070 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-27070 — Cross-site Scripting | cvebase