Everest Forms Pro <= 1.9.12 - Unauthenticated RCE via Calculation Formula Injection CVE-2026-3300
- Severity
- EPSS Score
- EPSS Percentile
- Vulnerability description
- Not available
- Risk description
- Not available
- Recommendation
- Not available
- References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/389c0b89-e408-4ad5-9723-a16b745771f0?source=cvehttps://plugins.trac.wordpress.org/browser/everest-forms/tags/3.4.3/includes/class-evf-form-task.php#L584https://everestforms.net/changelog/https://www.wordfence.com/blog/2026/06/attackers-actively-exploiting-critical-vulnerability-in-everest-forms-pro-plugin/
- Codename
- Not available
- Detectable with
- Network Scanner
- Scan engine
- Nuclei
- Cisa Kev
- No
- Exploitable with Sniper
- No
- CVE Published
- Mar 31, 2026
- Detection added at
- Software Type
- Not available
- Vendor
- Not available
- Product
- Not available
Detect this vulnerability now!
Check your clients' targets (or your own) for this vulnerability and thousands more! Get proof for validation with our ethical hacking toolkit.