CVE Catalog
CVE-2026-57312
HighCVSS 7.1Summary
Unauthenticated Cross Site Scripting (XSS) vulnerability in Everest Forms versions up to 3.4.8.
Risk Assessment
An attacker can inject malicious JavaScript code, leading to session theft, redirects, or website defacement.
Recommendation
Update the Everest Forms plugin to version 3.4.9 or later immediately.
Original NVD description (English source)
Unauthenticated Cross Site Scripting (XSS) in Everest Forms <= 3.4.8 versions.

