We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Security Advisory

Critical WordPress Security Flaw in Everest Forms Plugin 

The UAE Cyber Security Council has observed a critical vulnerability in the Everest Forms WordPress
plugin that could allow attackers to upload arbitrary files, execute remote code, and delete critical
site files, potentially leading to complete website takeover.

OEM WordPress 
Severity Critical 
CVSS score 9.8 
CVEs CVE-2025-1128 
Exploited in Wild No 
Patch/Remediation Available Yes 
Advisory Version 1.0 

Overview 

Vulnerability, CVE-2025-1128, has been discovered in the Everest Forms WordPress plugin, affecting over 100,000 websites and rated with a CVSS score of 9.8. The lack of proper file type and path validation within the format() method of the EVF_Form_Fields_Upload class, allowing attackers to upload
malicious files. This include PHP scripts disguised as seemingly harmless files, to the publicly
accessible WordPress uploads directory

Vulnerability Name CVE ID Product Affected Severity Fixed Version 
 Arbitrary File Upload vulnerability  CVE-2025-1128   Everest Forms Plugin  Critical  v3.0.9.5  

Technical Summary 

The vulnerability resides in the format() method of the EVF_Form_Fields_Upload class in Everest Forms. Due to missing file type and path validation, attackers can upload arbitrary files, including malicious PHP scripts disguised as other file types.

This enables unauthenticated remote code execution, file deletion, and reading of sensitive files such as wp-config.php, which can lead to full site compromise. 

CVE ID System Affected Vulnerability Details Impact 
 CVE-2025-1128   Everest Forms Plugin <= 3.0.9.4   Missing file type and path validation in format() method allows arbitrary file uploads, execution, and deletion   Remote Code Execution, Full Site Takeover  

Remediation

  • Apply Patch: Users should update to Everest Forms version 3.0.9.5 or later version as soon as possible. 

General Recommendations 

  • Monitor for Suspicious Activity: Review server logs for unusual file uploads or access attempts. 
  • Implement a Web Application Firewall (WAF): Deploying a WAF can help mitigate exploitation risks. 
  • Review File Permissions: Ensure proper file permissions are set to prevent unauthorized access. 

Conclusion: 

The CVE-2025-1128 vulnerability in Everest Forms presents a severe security risk, as it allows unauthenticated attackers to upload arbitrary files and execute remote code.

The vulnerability has been addressed in version 3.0.9.5, and all affected users are urged to update immediately. Organizations should also implement security monitoring and preventive measures to safeguard their WordPress sites against similar threats in the future. 

  • Successful exploitation of this vulnerability could allow Attackers to:
    o Upload malicious PHP code to the WordPress uploads folder
    o Execute arbitrary code on the server
    o Read and delete any arbitrary file on the server, including wp-config.php
    o Potentially redirect the site to a database under attacker control
    Affected Versions:
  • Everest Forms <= 3.0.9.4
    Fixed Versions:
  • Everest Forms 3.0.9.5 or later

References: 

  • https://www.wordfence.com/blog/2025/02/100000-wordpress-sites-affected-by-arbitrary-file-upload-read-and-deletion-vulnerability-in-everest-forms-wordpress-plugin/  

Tags: