The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via predictable, enumerable filenames.
Metrics
Affected Vendors & Products
References
History
Thu, 09 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Thu, 09 Jul 2026 07:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via predictable, enumerable filenames. | |
| Title | Everest Forms < 3.5.0 - Unauthenticated Sensitive Information Exposure via Residual CSV Artifacts | |
| References |
|
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2026-07-09T14:39:49.930Z
Reserved: 2026-06-08T09:36:35.155Z
Link: CVE-2026-11571
Updated: 2026-07-09T14:39:41.032Z
No data.
No data.
OpenCVE Enrichment
No data.