<0.1% probability · 11.0th percentile — 2026-05-12
Affected versions
Everest Forms plugin <= 3.4.3 (WordPress)
Summary
This vulnerability allows unauthenticated attackers to inject malicious PHP serialized payloads through any public form on affected sites. The unsafe deserialization of stored entry metadata executes the payload when an administrator views form entries. Successful exploitation can lead to full remote code execution on the hosting server.
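The difference between unsafe and hardened decoding of stored form values, as an added example in generic PHP. This is not Everest Forms source code; `DemoGadget`, `has_object_marker`, `decode_unsafe` and `decode_hardened` are hypothetical names, and the sample values are constructed.

```php
<?php
// Added illustration in generic PHP; not Everest Forms source code.

// Hypothetical stand-in for any loaded class whose magic method has side effects.
class DemoGadget {
    public static $wakeups = 0;
    public function __wakeup() { self::$wakeups++; }
}

// O: and C: introduce objects; match at the start or nested after ; or {
// (conservative: literal text containing such a marker is flagged as well).
function has_object_marker(string $stored): bool {
    return preg_match('/(^|[;{])[OC]:\+?\d+:"/', $stored) === 1;
}

// Unsafe pattern: attacker-influenced bytes reach unserialize() with classes allowed.
function decode_unsafe(string $stored) {
    return @unserialize($stored);
}

// Hardened pattern: reject object markers, and never instantiate classes.
function decode_hardened(string $stored) {
    if (has_object_marker($stored)) {
        throw new UnexpectedValueException('serialized object in entry metadata');
    }
    // Defense in depth: anything the regex missed becomes __PHP_Incomplete_Class.
    $value = @unserialize($stored, ['allowed_classes' => false]);
    // unserialize() returns false on failure; "b:0;" is the one legitimate false.
    return ($value === false && $stored !== 'b:0;') ? $stored : $value;
}

// Constructed sample values standing in for stored entry metadata.
$samples = [
    'plain text answer',
    serialize(['choice' => 'a', 'qty' => 2]),
    serialize(new DemoGadget()),
    serialize(['nested' => new DemoGadget()]),
];

foreach ($samples as $stored) {
    DemoGadget::$wakeups = 0;
    decode_unsafe($stored);
    $unsafe = DemoGadget::$wakeups;   // magic methods run by the unsafe call
    DemoGadget::$wakeups = 0;
    try { decode_hardened($stored); $verdict = 'accepted'; }
    catch (UnexpectedValueException $e) { $verdict = 'rejected'; }
    printf("%-45s unsafe=%d hardened=%d %s\n",
        substr($stored, 0, 45), $unsafe, DemoGadget::$wakeups, $verdict);
}
```

The same marker check can be run over an export of stored entry values to find submissions that should be reviewed before an administrator opens the entries page.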
Remediation
Update the Everest Forms plugin to a version newer than 3.4.3 immediately. If a patched version is not available, temporarily disable the plugin and restrict administrative access to form entry pages.