CVE Catalog

CVE-2026-57312

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Summary

Unauthenticated Cross Site Scripting (XSS) vulnerability in Everest Forms versions up to 3.4.8.

Risk Assessment

An attacker can inject malicious JavaScript code, leading to session theft, redirects, or website defacement.

Recommendation

Update the Everest Forms plugin to version 3.4.9 or later immediately.

Original NVD description (English source)

Unauthenticated Cross Site Scripting (XSS) in Everest Forms <= 3.4.8 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS