CVE-2025-3422

Name of the Vulnerable Software and Affected Versions: The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress versions up to 3.1.1

Description: The issue arises from the software's failure to properly validate a value before executing do shortcode, allowing authenticated attackers with Subscriber-level access or higher to execute arbitrary shortcodes. This can be exploited by attackers to execute actions that are not intended by the software.

Recommendations: For versions up to 3.1.1, update to a version higher than 3.1.1 to resolve the issue. As a temporary workaround, consider restricting access to the do shortcode function to minimize the risk of exploitation.