Everest Forms <= 3.4.7 Authenticated Email Sending Authorization Bypass (CVE-2026-4888)

Vulnerability Overview Vulnerability Name: Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder <= 3.4.7 - Missing Authorization to Authenticated (Subscriber+) Email Sending CVE ID: CVE-2026-4888 CVSS Score: 4.3 (Medium) Publication Date: May 27, 2026 Last Updated Date: May 27, 2026 Researchers: Quoc Huy (Swings) - Paramu Affected Range Software Type: Plugin Software Name: Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder Affected Versions: <= 3.4.7 Fixed Version: 3.4.8 Remediation Remediation Advice: Upgrade to version 3.4.8 or later patched versions. Vulnerability Description This vulnerability allows an authenticated attacker (with Subscriber level or higher permissions) to send test emails to arbitrary addresses via the function. Reference Links plugins.trac.wordpress.org Related Recent Vulnerabilities CVE-2026-5478: Unauthenticated Arbitrary File Read and Deletion via Upload Field 'old_file' Parameter CVE-2026-5296: Unauthenticated PHP Object Injection via Form Entry Metadata CVE-2026-22422: Unauthenticated Arbitrary Shortcode Execution CVE-2025-3439: Unauthenticated PHP Object Injection CVE-2025-3422: Authenticated (Subscriber+) Arbitrary Shortcode Execution CVE-2025-3421: Reflected Cross-Site Scripting CVE-2025-1128: Unauthenticated Arbitrary File Upload, Read, and Deletion CVE-2024-13125: Authenticated (Admin) Stored Cross-Site Scripting CVE-2024-10471: Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-8542: Authenticated (Administrator+) Stored Cross-Site Scripting Additional Information Business Hours: 9am-5pm ET, 6am-5pm PT, and 2pm-1am UTC/GMT (excluding weekends and holidays) Support: 24-hour support, 365 days a year, 1-hour response time Disclaimer This record contains copyrighted material, the copyright belongs to Defiant Inc. and MITRE Corporation. Contact To add information or report errors, please contact: wfi-support@wordfence.com Additional Resources Wordfence Intelligence: Offers free personal and commercial API access, as well as free webhook integration. Wordfence WordPress Plugin: Immediately notifies users if their websites are affected by new vulnerabilities. Footer Information Terms and Services: Privacy Policy and Notice Collection, Do Not Sell or Share My Personal Information Social Media: Twitter, Facebook, YouTube, Instagram Products: Wordfence Free, Wordfence Premium, Wordfence Care, Wordfence Response, Wordfence CLI, Wordfence Intelligence, Wordfence Central Support: Documentation, Learning Center, Free Support, Advanced Support News: Blog, News, Vulnerability Advisories About: About Wordfence, Affiliate Program, Employment, Security, CVE Request Form Subscribe: Subscribe to news and updates to get information from experienced security professionals Copyright Information © 2012-2026 Defiant Inc. All rights reserved

Goal Reached Thanks to every supporter — we hit 100%!

Everest Forms <= 3.4.7 Authenticated Email Sending Authorization Bypass (CVE-2026-4888)