CVE-2026-57312
Deferred Deferred - Pending Action

Unauthenticated Cross Site Scripting in Everest Forms

Vulnerability report for CVE-2026-57312, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description

Unauthenticated Cross Site Scripting (XSS) in Everest Forms <= 3.4.8 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
wpmet everest_forms to 3.4.8 (inc)
wpmet everest_forms 3.5.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-57312 is a Cross Site Scripting (XSS) vulnerability found in the WordPress Everest Forms Plugin versions 3.4.8 and below.

This vulnerability allows attackers to inject malicious scripts into the website by exploiting the plugin without authentication.

The attack requires a privileged user to interact with a malicious link, crafted page, or form submission, which then executes the injected scripts when visitors access the site.

Such scripts could perform actions like redirects or displaying unwanted advertisements.

Detection Guidance

This vulnerability involves Cross Site Scripting (XSS) in Everest Forms plugin versions 3.4.8 and below. Detection typically involves monitoring for suspicious or malicious script injections in web requests or responses related to the Everest Forms plugin.

While no specific commands are provided in the available resources, common detection methods include inspecting HTTP requests for unusual parameters or payloads that contain script tags or JavaScript code targeting the vulnerable plugin endpoints.

Network or system administrators can use web application firewall (WAF) logs or intrusion detection system (IDS) alerts to identify attempts to exploit this XSS vulnerability.

Impact Analysis

This vulnerability can lead to unauthorized script execution on your website, potentially harming your visitors and your site's reputation.

  • Attackers can inject malicious scripts that redirect users to harmful sites or display unwanted advertisements.
  • It can be exploited in mass campaigns targeting thousands of websites, increasing the risk of widespread impact.
  • The vulnerability affects confidentiality, integrity, and availability, as indicated by its CVSS score.
Compliance Impact

The provided information does not specify how the Cross Site Scripting (XSS) vulnerability in Everest Forms affects compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

The immediate recommended step is to update the Everest Forms plugin to version 3.5.0 or later, where this vulnerability is patched.

Until the update can be applied, it is advised to implement mitigation rules such as those provided by Patchstack to block attack attempts targeting this vulnerability.

Additionally, monitoring and restricting privileged user interactions with untrusted links or forms can reduce the risk of exploitation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57312. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart