CVE-2019-13575

Name of the Vulnerable Software and Affected Versions WPEverest Everest Forms plugin for WordPress versions through 1.4.9

Description A SQL injection issue exists, allowing a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php. This could be achieved by exploiting the vulnerability in the WPEverest Everest Forms plugin for WordPress.

Recommendations For versions through 1.4.9, update to a version later than 1.4.9 to resolve the issue. As a temporary workaround, consider restricting access to the includes/evf-entry-functions.php file until a patch is available.