CVE-2026-5478 | wpeverest Everest Forms Plugin up to 3.4.4 on WordPress unlink old_files path traversal

Inserito da Angelo Barbosa | Apr 20, 2026 | CVE

A vulnerability categorized as critical has been discovered in wpeverest Everest Forms Plugin up to 3.4.4 on WordPress. Impacted is the function unlink. Such manipulation of the argument old_files leads to path traversal.

This vulnerability is uniquely identified as CVE-2026-5478. The attack can be launched remotely. No exploit exists.

CVE-2026-5478 | wpeverest Everest Forms Plugin up to 3.4.4 on WordPress unlink old_files path traversal

Post correlati

CVE-2024-4034 | Virtue Plugin up to 3.4.8 on WordPress Post Author cross site scripting

CVE-2025-1962 | projectworlds Online Hotel Booking 1.0 /admin/addroom.php roomname sql injection

CVE-2024-39458 | Structs Plugin up to 337.v1b_04ea_4df7c8 on Jenkins information disclosure

CVE-2025-5856 | PHPGurukul BP Monitoring Management System 1.0 /registration.php emailid sql injection