Everest Forms Plugin Vulnerability Allows Arbitrary File Read and Deletion

The National Vulnerability Database has detailed a critical flaw (CVE-2026-5478) in the Everest Forms WordPress plugin, affecting all versions up to 3.4.4. This vulnerability allows unauthenticated attackers to read sensitive files, such as wp-config.php, or delete critical files. The exploit leverages path traversal through the old_files parameter in form submissions, bypassing security controls by manipulating file paths. This can expose database credentials and authentication salts, or cause denial of service.

For a successful attack, the form must include a file-upload field, and the plugin must have entry information storage disabled. The National Vulnerability Database notes that the same path resolution logic is used in the post-email cleanup, enabling file deletion after the sensitive information is exfiltrated. Attackers can achieve full site compromise or disrupt operations.

Defenders must update the Everest Forms plugin immediately. Organizations should audit their WordPress installations for this vulnerable plugin and review logs for any signs of path traversal attempts or unauthorized file access. Given the potential for complete site compromise, prioritizing this update is essential.

What This Means For You

  • If your organization uses the Everest Forms plugin on WordPress, update to version 3.4.5 or later immediately to mitigate CVE-2026-5478. Audit your web server logs for any suspicious file access or deletion patterns, especially related to wp-config.php.

Related ATT&CK Techniques

critical T1190 Initial Access

CVE-2026-5478 - Everest Forms Arbitrary File Read via Path Traversal

Indicators of Compromise

ID             Type              Indicator
CVE-2026-5478  Vulnerability     CVE-2026-5478
CVE-2026-5478  Affected Product  all

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: April 20, 2026 at 23:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
