Critical Vulnerability in Everest Forms Plugin Threatens Over 100,000 WordPress Sites
February 25, 2025
A critical security vulnerability, labeled as CVE-2025-1128, has been discovered in the widely used WordPress plugin, Everest Forms. This vulnerability exposes over 100,000 websites to the risk of total takeover. The flaw, which has a severe CVSS score of 9.8, enables unauthorized attackers to upload any file, execute remote code, and even erase important configuration files, potentially resulting in a full site compromise.
The vulnerability was found and responsibly disclosed by security researcher Arkadiusz Hydzik through Wordfence's Bug Bounty Program, for which he was awarded $4,290.00. Wordfence has released an urgent advisory, strongly recommending that users promptly update to the patched version, 3.0.9.5.
The vulnerability resides in the format() method of the EVF_Form_Fields_Upload class. As per the Wordfence report, “The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file type and path validation in the ‘format’ method of the EVF_Form_Fields_Upload class in all versions up to, and including, 3.0.9.4.” This absence of validation allows attackers to upload any file, including harmful PHP scripts disguised as seemingly innocuous files like .csv or .txt.
The implications of this vulnerability are severe. Attackers can upload malicious PHP code to the WordPress uploads folder, which is publicly accessible, allowing them to execute arbitrary code on the server. Wordfence warns, “This makes it possible for unauthenticated attackers to upload arbitrary malicious PHP code and then access the file to trigger remote code execution on the server.” Moreover, the rename() function’s lack of proper sanitization opens another critical attack vector.
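To show what the missing checks look like from the defender's side, here is an added example (not Everest Forms code, and not from the Wordfence report) of the file type and path validation an upload handler needs before it passes a name to rename(): an extension allowlist applied to every extension segment, a content sniff for PHP open tags in files that claim to be .csv or .txt, and a containment check on the destination path. The allowlist, directory and sample uploads are assumptions constructed for the example.

```python
"""Constructed defender-side example of upload validation; not plugin code."""
import os
import re

ALLOWED_EXTENSIONS = {"csv", "txt", "pdf", "png", "jpg", "jpeg"}  # assumed allowlist
# PHP open tags ("<?php" and "<?="); a .csv or .txt upload should never contain them.
PHP_MARKER = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)


def check_upload(filename: str, content: bytes):
    """Return None if the upload is acceptable, otherwise a rejection reason."""
    if not filename or "\x00" in filename:
        return "empty filename or NUL byte"
    # The name must be a bare file name: with no separators, a traversal
    # sequence can never reach the later rename() call.
    if "/" in filename or "\\" in filename:
        return "path components are not allowed in an upload name"
    parts = filename.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return "missing extension or hidden file (e.g. .htaccess)"
    # Check every extension segment, not only the last, so a double extension
    # such as shell.php.csv is rejected even where the web server honours
    # inner extensions when choosing a handler.
    for ext in parts[1:]:
        if ext not in ALLOWED_EXTENSIONS:
            return f"extension '{ext}' is not in the allowlist"
    # The extension alone proves nothing: sniff for PHP disguised as data.
    if PHP_MARKER.search(content):
        return "PHP open tag found inside a non-PHP upload"
    return None


def destination_path(uploads_dir: str, filename: str):
    """Join a name onto the uploads directory; None if the result escapes it."""
    root = os.path.normpath(uploads_dir)
    dest = os.path.normpath(os.path.join(root, filename))
    if os.path.commonpath([root, dest]) != root:
        return None
    return dest


if __name__ == "__main__":
    # Constructed sample uploads, not captured traffic.
    samples = {"report.csv": b"id,amount\n1,42\n",
               "notes.txt": b"<?php echo 'disguised'; ?>",
               "shell.php.csv": b"id\n1\n",
               "../../settings.php": b""}
    for name, body in samples.items():
        print(f"{name!r}: {check_upload(name, body) or 'accepted'}")
```

A production handler should additionally resolve symlinks with os.path.realpath before the containment check and store uploads under a randomised name rather than the client-supplied one.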
The CVE-2025-1128 vulnerability has the potential to significantly impact the more than 100,000 active installations of the Everest Forms plugin. The Wordfence report underlines the severity: “As with all arbitrary file upload vulnerabilities, this can lead to complete site compromise through the use of webshells and other techniques.” WordPress site owners using the Everest Forms plugin are strongly encouraged to update to the latest version as soon as possible.