WordPress Plugin Vulnerabilities
Everest Forms < 3.5.0 - Unauthenticated Sensitive Information Exposure via Residual CSV Artifacts
Description
The plugin does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via predictable, enumerable filenames.
Exploitation requires the Everest Forms Pro add-on to be active (the CSV email-attachment option is provided by Pro) and a form with more than one email notification where the CSV attachment is enabled on a notification that is not processed last. Form entry identifiers are sequential and are returned to the submitter in the submission response, which makes the retained artifacts straightforward to enumerate.
Proof of Concept
Affects Plugins
References
CVE
Classification
Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Duy Tran
Submitter
Duy Tran
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2026-06-18 (about 21 days ago)
Added
2026-06-18 (about 20 days ago)
Last Updated
2026-06-19 (about 19 days ago)