CVE-2026-57312
Status: Deferred - Pending Action
Unauthenticated Cross Site Scripting in Everest Forms

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description
Unauthenticated Cross Site Scripting (XSS) in Everest Forms versions <= 3.4.8.
Affected Vendors & Products (2 associated CPEs)

Vendor   Product        Version / Range
wpmet    everest_forms  up to 3.4.8 (inclusive)
wpmet    everest_forms  3.5.0
CWE

CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Executive Summary

CVE-2026-57312 is a Cross Site Scripting (XSS) vulnerability found in the WordPress Everest Forms Plugin versions 3.4.8 and below.

This vulnerability allows attackers to inject malicious scripts into the website by exploiting the plugin without authentication.

The attack requires a privileged user to interact with a malicious link, crafted page, or form submission; the injected scripts then execute when visitors access the site.

Such scripts could perform actions like redirects or displaying unwanted advertisements.

Impact Analysis

This vulnerability can lead to unauthorized script execution on your website, potentially harming your visitors and your site's reputation.

  • Attackers can inject malicious scripts that redirect users to harmful sites or display unwanted advertisements.
  • It can be exploited in mass campaigns targeting thousands of websites, increasing the risk of widespread impact.
  • The vulnerability affects confidentiality, integrity, and availability, as indicated by its CVSS score.
Detection Guidance

This vulnerability is a Cross Site Scripting (XSS) flaw in the Everest Forms plugin, versions 3.4.8 and below. Detection typically involves monitoring for suspicious or malicious script injections in web requests or responses related to the Everest Forms plugin.

While no specific commands are provided in the available resources, common detection methods include inspecting HTTP requests for unusual parameters or payloads that contain script tags or JavaScript code targeting the vulnerable plugin endpoints.

Network or system administrators can use web application firewall (WAF) logs or intrusion detection system (IDS) alerts to identify attempts to exploit this XSS vulnerability.

Mitigation Strategies

The immediate recommended step is to update the Everest Forms plugin to version 3.5.0 or later, where this vulnerability is patched.

Until the update can be applied, it is advised to implement mitigation rules such as those provided by Patchstack to block attack attempts targeting this vulnerability.

Additionally, monitoring and restricting privileged user interactions with untrusted links or forms can reduce the risk of exploitation.

Compliance Impact

The provided information does not specify how the Cross Site Scripting (XSS) vulnerability in Everest Forms affects compliance with common standards and regulations such as GDPR or HIPAA.
