CVE-2026-11571
EUVD-2026-4250809.07.2026, 07:16
The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the uploads directory, allowing unauthenticated attackers to retrieve other users' form submission records via predictable, enumerable filenames.Enginsight
Awaiting analysis
This vulnerability is currently awaiting analysis.