CVE-2026-5478 | wpeverest Everest Forms Plugin up to 3.4.4 on WordPress unlink old_files path traversal (EUVD-2026-23941)

A vulnerability categorized as critical has been discovered in wpeverest Everest Forms Plugin up to 3.4.4 on WordPress. Impacted is the function unlink. Such manipulation of the argument old_files leads to path traversal.

This vulnerability is uniquely identified as CVE-2026-5478. The attack can be launched remotely. No exploit exists.VulDB Recent EntriesRead More