wpeverest — Vulnerabilities & Security Advisories 47

Browse all 47 CVE security advisories affecting wpeverest. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WPEverest operates as a software development entity primarily focused on creating WordPress plugins and themes, serving the content management ecosystem. Security audits have identified forty-seven distinct Common Vulnerabilities and Exposures (CVEs) associated with its products, highlighting significant historical security deficiencies. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and Privilege Escalation, often stemming from insufficient input validation and inadequate access controls within plugin architectures. These flaws have frequently allowed unauthenticated attackers to compromise site integrity, execute arbitrary code, or escalate user permissions. While specific major public incidents are not always individually cataloged in high-profile breach reports, the sheer volume of CVEs indicates a pattern of recurring security oversights. This track record suggests that WPEverest’s codebase has historically lacked rigorous security review processes, posing substantial risks to dependent websites and their administrators.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-3422 | Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution — Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder [CWE-94] | 5.4 | Medium | 2025-04-11 |
| CVE-2025-3439 | Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection — Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder [CWE-502] | 9.8 | Critical | 2025-04-11 |
| CVE-2025-30899 | WordPress User Registration plugin <= 4.0.3 - Cross Site Scripting (XSS) vulnerability — User Registration [CWE-79] | 5.9 | Medium | 2025-03-27 |
| CVE-2025-1511 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.0.4 - Reflected Cross-Site Scripting — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder [CWE-79] | 6.1 | Medium | 2025-02-28 |
| CVE-2025-1128 | Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion — Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder [CWE-434] | 9.8 | Critical | 2025-02-25 |
| CVE-2023-29429 | WordPress User Registration plugin <= 2.3.2.1 - Broken Access Control vulnerability — User Registration [CWE-862] | 5.3 | Medium | 2024-12-09 |
| CVE-2023-51377 | WordPress Everest Forms plugin <= 2.0.3 - Broken Access Control vulnerability — Everest Forms [CWE-862] | 5.3 | Medium | 2024-06-14 |
| CVE-2024-4958 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.2.0.1 - Missing Authorization to Privilege Escalation — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder [CWE-862] | 7.1 | High | 2024-06-01 |
| CVE-2024-2417 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder [CWE-862] | 8.8 | High | 2024-05-02 |
| CVE-2024-3295 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Unauthenticated Media Deletion — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder [CWE-862] | 6.5 | Medium | 2024-05-02 |
| CVE-2024-1812 | Everest Forms <= 2.0.7 - Unauthenticated Server-Side Request Forgery via font_url — Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder [CWE-918] | 7.2 | High | 2024-04-09 |
| CVE-2023-27459 | WordPress User Registration plugin <= 2.3.2.1 - Authenticated PHP Object Injection vulnerability — User Registration [CWE-502] | 7.4 | High | 2024-03-26 |
| CVE-2024-1720 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.4 - Unauthenticated Stored Self-Based Cross-Site Scripting — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder [CWE-79] | 4.7 | Medium | 2024-03-07 |
| CVE-2023-51695 | WordPress Everest Forms Plugin <= 2.0.4.1 is vulnerable to Cross Site Scripting (XSS) — Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! [CWE-79] | 5.9 | Medium | 2024-02-01 |
| CVE-2023-3342 | User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder [CWE-434] | 9.9 | Critical | 2023-07-13 |
| CVE-2023-3343 | User Registration <= 3.0.1 - Authenticated (Subscriber+) PHP Object Injection — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder [CWE-502] | 8.8 | High | 2023-07-13 |
| CVE-2023-23987 | WordPress User Registration Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS) — User Registration [CWE-79] | 5.9 | Medium | 2023-04-06 |

This page lists every published CVE security advisory associated with wpeverest. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.