Threats Tagged 'cve-2026-5478'
View all threats tagged with 'cve-2026-5478'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-5478'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-5478: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in wpeverest Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form BuilderCVE-2026-5478 0 CVE-2026-5478 is a path traversal vulnerability in the Everest Forms WordPress plugin up to version 3. 4. 4. It allows unauthenticated attackers to read and delete arbitrary local files by injecting path traversal payloads into the old_files upload field parameter in public form submissions. This vulnerability arises because the plugin trusts attacker-controlled data and performs insecure path resolution without enforcing directory boundaries. Exploitation can lead to disclosure of sensitive files like wp-config. php, resulting in potential full site compromise, and deletion of critical files causing denial of service. The vulnerability requires the form to have a file-upload or image-upload field and disabled entry information storage. No official patch or remediation guidance is currently available. Join the discussion | CVE Database V5 | 04/20/2026, 19:27:08 UTC Added: 04/20/2026, 19:46:07 UTC |
Showing 1 to 1 of 1 result