Description
The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via predictable, enumerable filenames.
Problem types
Product status
Any version before 3.5.0
Credits
Duy Tran
WPScan
References
wpscan.com/...rability/4bd381e9-2f4e-4e61-99af-88f50aed71f5/