CVE-2026-11571 in Everest Forms Plugin
Sumário
de MITRE • 09/07/2026
The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via predictable, enumerable filenames.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.