Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Everest Forms: Malicious Code Can Be Injected into Web Pages
CVE-2026-22422
Summary
A security issue in Everest Forms allows attackers to inject malicious code into web pages, potentially allowing them to steal user data or take control of the site. This issue affects all versions of Everest Forms up to 3.4.1. To stay secure, update to a patched version of the plugin as soon as possible.
Original title
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in wpeverest Everest Forms everest-forms allows Code Injection.This issue affects Everest Forms: from n/a...
Original description
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in wpeverest Everest Forms everest-forms allows Code Injection.This issue affects Everest Forms: from n/a through <= 3.4.1.
nvd CVSS3.1
5.3
Vulnerability type
CWE-80
Basic XSS
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026