WordPress Plugin Vulnerabilities

Everest Forms < 1.5.0 - SQL Injection

Description

The Contact Form, Drag and Drop Form Builder for WordPress – Everest Forms WordPress plugin was affected by a SQL Injection security vulnerability.

Affects Plugins

Plugin icon
everest-forms
Fixed in 1.5.0

References

CVE
CVE-2019-13575
URL
https://fortiguard.com/zeroday/FG-VD-19-096
URL
https://www.fortinet.com/blog/threat-research/wordpress-plugin-sql-injection-vulnerability.html
URL
https://github.com/wpeverest/everest-forms/commit/755d095fe0d9a756a13800d1513cf98219e4a3f9#diff-bb2b21ef7774df8687ff02b0284505c6

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Tin Duong
Submitter
Ryan Dewhurst
Submitter website
https://wpscan.io
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
04ebd37f-5cd7-4d0c-9cf3-ffc5ef8ddc9b

Timeline

Publicly Published
2019-07-18 (about 6 years ago)
Added
2019-07-18 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2020-08-03
Title
Ajax Search Pro < 4.19 - Subscriber+ SQL Injection
Published
2025-04-17
Title
WPAMS <= 44.0 (17-08-2023) - Authenticated (Subscriber+) SQL Injection
Published
2024-10-31
Title
5 Stars Rating Funnel <= 1.4.01 - Authenticated (Contributor+) SQL Injection
Published
2014-08-01
Title
Wordpress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit
Published
2024-08-20
Title
Woo Inquiry <= 0.1 - Unauthenticated SQL Injection