CVE-2025-1128 | wpeverest Everest Forms Plugin up to 3.0.9.4 on WordPress Path Validation EVF_Form_Fields_Upload format unrestricted upload

February 25, 2025 Yanac

A vulnerability, which was classified as critical, has been found in wpeverest Everest Forms Plugin up to 3.0.9.4 on WordPress. Affected by this issue is the function format of the file EVF_Form_Fields_Upload of the component Path Validation Handler. The manipulation leads to unrestricted upload.

This vulnerability is handled as CVE-2025-1128. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More