XSS Vulnerability in Everest Forms by WPEverest
CVE-2026-22422
5.3MEDIUM
What is CVE-2026-22422?
A Cross-Site Scripting (XSS) vulnerability exists in WPEverest's Everest Forms plugin that stems from improper neutralization of script-related HTML tags in web pages. This vulnerability allows authorized users to inject malicious scripts via input fields, which can lead to code execution on the client side, posing risks to user data and application integrity. It affects versions from n/a to 3.4.1, emphasizing the importance of updating to secure versions to mitigate potential exploits.
Affected Version(s)
Everest Forms 0 <= 3.4.1