WPEverest — Vulnerabilities & Security Advisories 47

Browse all 47 CVE security advisories affecting WPEverest. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WPEverest operates as a software development entity primarily focused on creating WordPress plugins and themes, serving the content management ecosystem. Security audits have identified forty-seven distinct Common Vulnerabilities and Exposures (CVEs) associated with its products, highlighting significant historical security deficiencies. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and Privilege Escalation, often stemming from insufficient input validation and inadequate access controls within plugin architectures. These flaws have frequently allowed unauthenticated attackers to compromise site integrity, execute arbitrary code, or escalate user permissions. While specific major public incidents are not always individually cataloged in high-profile breach reports, the sheer volume of CVEs indicates a pattern of recurring security oversights. This track record suggests that WPEverest’s codebase has historically lacked rigorous security review processes, posing substantial risks to dependent websites and their administrators.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-3601 | User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Limited Page Content Modification — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | CWE-862 | 4.3 | Medium | 2026-05-05 |
| CVE-2026-4882 | User Registration Advanced Fields <= 1.6.20 - Unauthenticated Arbitrary File Upload — User Registration Advanced Fields | CWE-434 | 9.8 | Critical | 2026-05-02 |
| CVE-2026-42652 | WordPress User Registration plugin <= 5.1.5 - Cross Site Scripting (XSS) vulnerability — User Registration | CWE-79 | 7.1 | High | 2026-04-29 |
| CVE-2026-5478 | Everest Forms <= 3.4.4 - Unauthenticated Arbitrary File Read and Deletion via Upload Field 'old_files' Parameter — Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | CWE-22 | 8.1 | High | 2026-04-20 |
| CVE-2026-6203 | User Registration & Membership <= 5.1.4 - Unauthenticated Open Redirect via 'redirect_to_on_logout' Parameter — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | CWE-601 | 6.1 | Medium | 2026-04-13 |
| CVE-2026-1865 | User Registration & Membership <= 5.1.2 - Authenticated (Subscriber+) SQL Injection via membership_ids[] — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | CWE-89 | 6.5 | Medium | 2026-04-08 |
| CVE-2026-3296 | Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata — Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | CWE-502 | 9.8 | Critical | 2026-04-08 |
| CVE-2026-3300 | Everest Forms Pro <= 1.9.12 - Unauthenticated Remote Code Execution via Calculation Field — Everest Forms Pro | CWE-94 | 9.8 | Critical | 2026-03-31 |
| CVE-2026-32488 | WordPress User Registration plugin <= 4.4.9 - Privilege Escalation vulnerability — User Registration | CWE-266 | 8.1 | High | 2026-03-25 |
| CVE-2026-4056 | User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulation — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | CWE-862 | 5.4 | Medium | 2026-03-23 |
| CVE-2026-27070 | WordPress Everest Forms Pro plugin <= 1.9.10 - Cross Site Scripting (XSS) vulnerability — Everest Forms Pro | CWE-79 | 7.1 | High | 2026-03-19 |
| CVE-2026-1492 | User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | CWE-269 | 9.8 | Critical | 2026-03-03 |
| CVE-2026-2356 | User Registration & Membership <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | CWE-284 | 5.3 | Medium | 2026-02-26 |
| CVE-2026-1779 | User Registration & Membership <= 5.1.2 - Authentication Bypass — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | CWE-288 | 8.1 | High | 2026-02-26 |
| CVE-2026-22422 | WordPress Everest Forms plugin <= 3.4.1 - Arbitrary Shortcode Execution vulnerability — Everest Forms | CWE-80 | 5.3 | Medium | 2026-02-19 |
| CVE-2026-24353 | WordPress User Registration plugin <= 4.4.9 - Arbitrary Shortcode Execution vulnerability — User Registration | CWE-862 | 4.3 | Medium | 2026-01-22 |
| CVE-2025-67956 | WordPress User Registration plugin <= 4.4.6 - Broken Access Control vulnerability — User Registration | CWE-862 | 8.2 | High | 2026-01-22 |
| CVE-2025-14976 | User Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | CWE-352 | 5.4 | Medium | 2026-01-10 |
| CVE-2025-13367 | User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | CWE-79 | 6.4 | Medium | 2025-12-15 |
| CVE-2025-8871 | Everest Forms (Pro) <= 1.9.7 - Unauthenticated PHP Object Injection via PHAR Deserialization in Form Signature — Everest Forms Pro | CWE-502 | 5.6 | Medium | 2025-11-05 |
| CVE-2025-60210 | WordPress Everest Forms - Frontend Listing plugin <= 1.0.5 - PHP Object Injection Vulnerability — Everest Forms - Frontend Listing | CWE-502 | 9.8 | Critical | 2025-10-22 |
| CVE-2025-9085 | User Registration & Membership <= 4.3.0 - Authenticated (Admin+) SQL Injection — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | CWE-89 | 4.9 | Medium | 2025-09-06 |
| CVE-2025-6831 | User Registration <= 4.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via urcr_restrict Shortcode — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | CWE-79 | 6.4 | Medium | 2025-07-22 |
| CVE-2025-5927 | Everest Forms (Pro) <= 1.9.4 - Unauthenticated Path Traversal to Arbitrary File Deletion — Everest Forms Pro | CWE-36 | 7.5 | High | 2025-06-25 |
| CVE-2025-3281 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.2.1 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | CWE-639 | 5.3 | Medium | 2025-05-06 |
| CVE-2025-39400 | WordPress User Registration plugin < 4.2.0 - Reflected Cross Site Scripting (XSS) vulnerability — User Registration | CWE-79 | 7.1 | High | 2025-04-24 |
| CVE-2025-3284 | User Registration & Membership PRO – Custom Registration Form, Login Form, and User Profile <= 5.1.3 - Cross-Site Request Forgery to User Deletion — User Registration PRO – Custom Registration Form, Login Form, and User Profile WordPress Plugin | CWE-352 | 4.3 | Medium | 2025-04-19 |
| CVE-2025-3282 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | CWE-639 | 5.3 | Medium | 2025-04-12 |
| CVE-2025-3292 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | CWE-639 | 4.3 | Medium | 2025-04-12 |
| CVE-2025-3421 | Everest Forms <= 3.1.1 - Reflected Cross-Site Scripting — Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | CWE-79 | 6.1 | Medium | 2025-04-11 |

This page lists every published CVE security advisory associated with WPEverest. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.