CVE-2026-11571 in Everest Forms Plugininformação

Sumário

de MITRE • 09/07/2026

The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via predictable, enumerable filenames.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Responsável

WPScan

Reservar

08/06/2026

Divulgação

09/07/2026

Moderação

aceite

Entrada

VDB-377128

CPE

pronto

EPSS

0.00000

KEV

não

Atividades

muito baixo

Fontes

Do you need the next level of professionalism?

Upgrade your account now!