Everest Forms Pro WordPress plugin all versions up to and including 1.9.12
Summary
This vulnerability is an unauthenticated remote PHP code injection issue in the Everest Forms Pro plugin's Calculation Addon. Attackers can inject malicious PHP code via crafted form field inputs, leading to full remote code execution on the affected WordPress server.
Remediation
Update the Everest Forms Pro plugin to the latest secure version immediately. Remove the plugin from your WordPress installation if a patch cannot be applied right away to eliminate the vulnerability.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.