{"uuid": "e70eb481-23f2-4db3-b075-b89bf39e1e86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3439", "type": "seen", "source": "https://t.me/brutsecurity/1766", "content": "CVE-2025-3439: Deserialization of Untrusted Data in Everest Forms WordPress plugin, 9.8 rating \ud83d\udd25\n\nA vulnerability in the 'field_value' parameter allows a remote unauthenticated attacker to perform PHP object injection. This in turn allows the attacker to achieve RCE, retrieve sensitive data and the ability to delete arbitrary files.\n\nSearch at Netlas.io:\n\ud83d\udc49 Link: https://nt.ls/CoAb6\n\ud83d\udc49 Dork: http.body:\"plugins/everest-forms\"\n\nRead more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/everest-forms/everest-forms-contact-form-quiz-survey-newsletter-payment-form-builder-for-wordpress-311-unauthenticated-php-object-injection", "creation_timestamp": "2026-07-09T03:00:08.550219Z"}