CVE-2025-26841
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-26841
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-26841.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-26841
- Published
- 2025-05-12T15:15:59Z
- Modified
- 2025-07-02T10:00:48.539418Z
- Summary
- [none]
- Details
-
Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code via a file upload.
- References
Affected packages
Git / github.com/wpeverest/everest-forms
Affected ranges
- Type
- GIT
- Repo
- https://github.com/wpeverest/everest-forms
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.1.0
1.1.0-rc.1
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.5.1
1.2.0
1.2.0-rc.1
1.2.1
1.2.2
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.4.0
1.4.0-beta
1.4.0-beta2
1.4.0-beta3
1.4.0-beta4
1.4.0-beta5
1.4.0-beta6
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
1.5.0
1.5.1
1.5.10
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.5.9
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.6.6
1.6.6.1
1.6.7
1.7.0
1.7.0.1
1.7.0.2
1.7.0.3
1.7.1
1.7.2
1.7.2.1
1.7.2.2
1.7.3
1.7.4
1.7.5
1.7.5.1
1.7.5.2
1.7.6
1.7.7
1.7.7.1
1.7.7.2
1.7.8
1.7.9
1.8.0
1.8.0.1
1.8.1
1.8.2
1.8.2.1
1.8.2.2
1.8.2.3
1.8.3
1.8.4
1.8.5
1.8.6
1.8.7
1.8.8
1.8.9
1.9.0
1.9.0.1
1.9.1
1.9.2
1.9.3
1.9.4
1.9.4.1
1.9.5
1.9.6
1.9.7
1.9.8
1.9.9
2.*
2.0.0
2.0.0.1
2.0.1
2.0.2
2.0.3
2.0.3.1
2.0.4
2.0.4.1
2.0.5
2.0.6
2.0.7
2.0.8
2.0.8.1
2.0.9
3.*
3.0.0
3.0.0.1
3.0.1
3.0.2
3.0.3
3.0.3.1
3.0.4
3.0.4.1
3.0.4.2
3.0.5
3.0.5.1
3.0.5.2
3.0.6
3.0.6.1
3.0.7.1
3.0.8
3.0.8.1
v1.*
v1.4.0-beta