Home

Description

The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via predictable, enumerable filenames.

PUBLISHED Reserved 2026-06-08 | Published 2026-07-09 | Updated 2026-07-09 | Assigner WPScan

Problem types

CWE-200 Information Exposure

Product status

Default status
unaffected

Any version before 3.5.0
affected

Credits

Duy Tran finder

WPScan coordinator

References

wpscan.com/...rability/4bd381e9-2f4e-4e61-99af-88f50aed71f5/ exploit vdb-entry technical-description

cve.org (CVE-2026-11571)

nvd.nist.gov (CVE-2026-11571)

Download JSON