Everest Forms < 3.4.2 – Unauthenticated Arbitrary Shortcode Execution | CVE 2026-22422 | Plugin Vulnerabilities

Description

The The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.4.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Affects Plugins

Fixed in 3.4.2

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/8b8c85f2-11c7-491f-9b91-0ddf4814e40d

Classification

Type

RCE

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Najib Sinjari

Verified

No

WPVDB ID

a8dd4d4c-405d-4365-8379-a0db1e27165c

Timeline

Publicly Published

2025-09-26 (about 7 months ago)

Added

2026-05-04 (about 9 days ago)

Last Updated

2026-05-04 (about 9 days ago)

Other

Published

Title

Published

2025-10-24

Title

Discussion Board – WordPress Forum Plugin < 2.5.6 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

Published

2023-12-05

Title

Astra Pro < 4.3.2 - Authenticated(Contributor+) Remote Code Execution via Metabox

Published

2025-04-09

Title

ORDER POST <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution

Published

2023-11-13

Title

Filr – Secure document library < 1.2.3.6 - Author+ RCE via file upload with phar ext

Published

2025-01-30

Title

WooCommerce Product Table Lite < 3.9.5 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting