Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total4
Critical2
High0
Medium2
Reset
Showing 1-4 of 4 records
Threat Entry Updated 2025-04-23

CVE-2025-3439 - Payment Form Builder For Wordpress Plugin

The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'field_value' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present…

PLUGIN Payment Form Builder For Wordpress

CVE-2025-3439

CRITICAL CVSS 9.8 2025-04-11
Open Full Technical Breakdown
Threat Entry Updated 2025-04-23

CVE-2025-3421 - Payment Form Builder For Wordpress Plugin

The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'form_id' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Payment Form Builder For Wordpress

CVE-2025-3421

MEDIUM CVSS 6.1 2025-04-11
Open Full Technical Breakdown
Threat Entry Updated 2025-04-23

CVE-2025-3422 - Payment Form Builder For Wordpress Plugin

The The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.

PLUGIN Payment Form Builder For Wordpress

CVE-2025-3422

MEDIUM CVSS 5.4 2025-04-11
Open Full Technical Breakdown
Threat Entry Updated 2025-02-28

CVE-2025-1128 - Payment Form Builder For Wordpress Plugin

The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file type and path validation in the 'format' method of the EVF_Form_Fields_Upload class in all versions up to, and including, 3.0.9.4. This makes it possible for unauthenticated attackers to upload, read, and delete arbitrary files on the affected site's server which may make remote code execution, sensitive information disclosure, or a site takeover possible.

PLUGIN Payment Form Builder For Wordpress

CVE-2025-1128

CRITICAL CVSS 9.8 2025-02-25
Open Full Technical Breakdown
Scroll to top