{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22422", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-07T12:22:01.195Z", "datePublished": "2026-02-19T08:26:48.111Z", "dateUpdated": "2026-04-28T17:08:36.498Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "everest-forms", "product": "Everest Forms", "vendor": "wpeverest", "versions": [{"changes": [{"at": "3.4.2", "status": "unaffected"}], "lessThanOrEqual": "3.4.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Najib Sinjari | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:04:14.371Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in wpeverest Everest Forms everest-forms allows Code Injection.<p>This issue affects Everest Forms: from n/a through <= 3.4.1.</p>"}], "value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in wpeverest Everest Forms everest-forms allows Code Injection.This issue affects Everest Forms: from n/a through <= 3.4.1."}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "Code Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-80", "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:43.763Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/everest-forms/vulnerability/wordpress-everest-forms-plugin-3-4-1-arbitrary-shortcode-execution-vulnerability?_s_id=cve"}], "title": "WordPress Everest Forms plugin <= 3.4.1 - Arbitrary Shortcode Execution vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-20T17:23:12.521864Z", "id": "CVE-2026-22422", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T17:08:36.498Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-22422", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-20T17:23:12.521864Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-20T17:22:27.636Z"}}], "cna": {"title": "WordPress Everest Forms plugin <= 3.4.1 - Arbitrary Shortcode Execution vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Najib Sinjari | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "Code Injection"}]}], "affected": [{"vendor": "wpeverest", "product": "Everest Forms", "versions": [{"status": "affected", "changes": [{"at": "3.4.2", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "3.4.1"}], "packageName": "everest-forms", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-01T16:04:14.371Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/everest-forms/vulnerability/wordpress-everest-forms-plugin-3-4-1-arbitrary-shortcode-execution-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in wpeverest Everest Forms everest-forms allows Code Injection.This issue affects Everest Forms: from n/a through <= 3.4.1.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in wpeverest Everest Forms everest-forms allows Code Injection.<p>This issue affects Everest Forms: from n/a through <= 3.4.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-80", "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-01T14:13:47.336Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22422", "state": "PUBLISHED", "dateUpdated": "2026-04-01T14:13:47.336Z", "dateReserved": "2026-01-07T12:22:01.195Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-02-19T08:26:48.111Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in wpeverest Everest Forms everest-forms allows Code Injection.This issue affects Everest Forms: from n/a through <= 3.4.1."}, {"lang": "es", "value": "Neutralizaci\u00f3n Incorrecta de Etiquetas HTML Relacionadas con Scripts en una P\u00e1gina Web (XSS B\u00e1sico) vulnerabilidad en wpeverest Everest Forms everest-forms permite la Inyecci\u00f3n de C\u00f3digo. Este problema afecta a Everest Forms: desde n/a hasta &lt;= 3.4.1."}], "id": "CVE-2026-22422", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-19T09:16:11.753", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/everest-forms/vulnerability/wordpress-everest-forms-plugin-3-4-1-arbitrary-shortcode-execution-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-80"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.4.1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Everest Forms", "source": "cna", "vendor": "wpeverest"}, "product": "everest_forms", "vendor": "wpeverest"}], "analysis": {"en": {"generated_at": "2026-04-16T06:43:53.412181+00:00", "value": {"mitigation_remediation": ["Update Everest Forms plugin to version 3.4.2 or later.", "If an update is not immediately possible, disable or remove the shortcode functionality or sanitize input to eliminate script tags.", "Audit the website for any injected malicious code and remove it after remediation."], "summary": {"action": "Apply Patch", "impact": "Arbitrary Script Execution via XSS in Everest Forms"}, "threat_synthesis": {"affected_systems": "Vendors: wpeverest; Product: Everest Forms; Affected versions: all releases up to and including 3.4.1.", "description_and_impact": "The vulnerability is a classic cross\u2011site scripting flaw that allows an attacker to inject malicious JavaScript into pages rendered by the Everest Forms plugin. This flaw arises from the plugin\u2019s failure to properly neutralize script\u2011related HTML tags, enabling arbitrary code execution within a victim\u2019s browser session. The impact could include credential theft, defacement, or further exploitation of the site.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity, while the EPSS score of less than 1% shows a very low probability of exploitation in the wild. The flaw is not listed in the CISA KEV catalog. Attackers would most likely exploit this via crafted content that triggers the vulnerable shortcode, requiring access to a location where the plugin processes user\u2011generated input. Given the moderate severity and low exploitation probability, the risk is low to moderate but warrants patching to prevent potential abuse."}}}}, "created": "2026-02-20T10:11:24.063395+00:00", "updated": "2026-04-16T06:45:16.320159+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress", "wpeverest", "wpeverest$PRODUCT$everest_forms"]}