What is CVE -2026-27070?

CVE-2026-27070 is a high-severity vulnerability in the Everest Forms Pro plugin for WordPress, affecting versions up to and including 1.9.10. It allows unauthenticated attackers to perform Stored Cross-Site Scripting due to inadequate input sanitization and output escaping.

How does the vulnerability work?

The vulnerability enables attackers to inject arbitrary web scripts into pages that will execute when a user accesses those pages. This occurs because the plugin fails to properly sanitize user input, allowing malicious scripts to be stored and executed.

Who is affected by this vulnerability?

Any WordPress site using the Everest Forms Pro plugin version 1.9.10 or earlier is at risk. Administrators should check their plugin version against this information to determine if they are affected.

How can I check if my site is vulnerable?

To check if your site is vulnerable, navigate to the plugins section of your WordPress admin dashboard. Look for the Everest Forms Pro plugin and verify the version number. If it is 1.9.10 or earlier, your site is at risk.

What should I do to fix this vulnerability?

The best course of action is to update the Everest Forms Pro plugin to the latest version as soon as a security patch is released by the vendor. Monitor the vendor’s website or security advisories for updates.

Is there a way to mitigate the risk before a fix is available?

While waiting for a patch, consider disabling the Everest Forms Pro plugin to prevent potential exploitation. Additionally, review user permissions and limit access to sensitive areas of your site.

What does a CVSS score of 7.2 indicate?

A CVSS score of 7.2 indicates a high severity level, meaning the vulnerability poses a significant risk to affected systems. This score suggests that exploitation could lead to serious consequences, such as data exposure or unauthorized actions.

What are the potential impacts of this vulnerability?

Exploitation of this vulnerability could lead to various impacts, including data exposure, defacement of web pages, or even privilege escalation. The exact consequences depend on the attacker’s intentions and the site’s configuration.

What is Stored Cross-Site Scripting?

Stored Cross-Site Scripting (XSS) is a type of vulnerability where an attacker injects malicious scripts into a web application. These scripts are stored on the server and executed in the browser of users who access the affected pages, potentially compromising user data.

How can a proof of concept demonstrate this issue?

A proof of concept for this vulnerability would typically show how an attacker can inject a script and how that script executes in the context of a user’s session. This demonstration highlights the exploitability of the vulnerability and the potential risks involved.

Where can I find more information about this vulnerability?

More information can be found on security advisories, the official CVE database, and the plugin vendor’s website. These resources often provide updates, patches, and additional context about the vulnerability.

Atomic Edge Proof of Concept automated generator using AI diff analysis

Published : March 23, 2026

CVE-2026-27070: Everest Forms Pro <= 1.9.10 – Unauthenticated Stored Cross-Site Scripting (everest-forms-pro)

CVE ID CVE-2026-27070

Plugin everest-forms-pro

Severity High (CVSS 7.2)

CWE 79

Vulnerable Version —

Patched Version —

Disclosed March 11, 2026

Analysis Overview

Atomic Edge analysis of CVE-2026-27070 (metadata-based):

This vulnerability affects the Everest Forms Pro WordPress plugin. The metadata indicates a security flaw exists, but critical classification details are missing. Without CWE, CVSS, or description data, the exact nature and severity cannot be determined from the provided information. The vulnerability’s impact remains unspecified.

Root cause analysis is impossible due to the absence of CWE classification and vulnerability description. Atomic Edge research cannot infer technical details about the flaw’s origin without these fundamental data points. The vulnerability’s existence is noted, but its mechanics are unconfirmed.

Exploitation methodology cannot be described without understanding the vulnerability type. The plugin slug ‘everest-forms-pro’ suggests potential attack surfaces include form submission handlers, AJAX endpoints for form processing, or administrative interfaces. Specific endpoints, parameters, and payloads remain unknown.

Remediation guidance requires the vulnerability’s technical classification. A proper fix depends entirely on the flaw type, which the metadata does not specify. Plugin users should monitor the vendor for an official security update and apply it immediately upon release.

Impact assessment cannot be performed without vulnerability details. Potential consequences range from data exposure to privilege escalation, but the actual impact remains undefined. The lack of patched version information suggests the vulnerability may be unaddressed at publication time.

Frequently Asked Questions

What is CVE-2026-27070?
Understanding the vulnerability
CVE-2026-27070 is a high-severity vulnerability in the Everest Forms Pro plugin for WordPress, affecting versions up to and including 1.9.10. It allows unauthenticated attackers to perform Stored Cross-Site Scripting due to inadequate input sanitization and output escaping.
How does the vulnerability work?
Mechanism of exploitation
The vulnerability enables attackers to inject arbitrary web scripts into pages that will execute when a user accesses those pages. This occurs because the plugin fails to properly sanitize user input, allowing malicious scripts to be stored and executed.
Who is affected by this vulnerability?
Identifying at-risk users
Any WordPress site using the Everest Forms Pro plugin version 1.9.10 or earlier is at risk. Administrators should check their plugin version against this information to determine if they are affected.
How can I check if my site is vulnerable?
Version verification process
To check if your site is vulnerable, navigate to the plugins section of your WordPress admin dashboard. Look for the Everest Forms Pro plugin and verify the version number. If it is 1.9.10 or earlier, your site is at risk.
What should I do to fix this vulnerability?
Remediation steps
The best course of action is to update the Everest Forms Pro plugin to the latest version as soon as a security patch is released by the vendor. Monitor the vendor’s website or security advisories for updates.
Is there a way to mitigate the risk before a fix is available?
Temporary risk reduction strategies
While waiting for a patch, consider disabling the Everest Forms Pro plugin to prevent potential exploitation. Additionally, review user permissions and limit access to sensitive areas of your site.
What does a CVSS score of 7.2 indicate?
Understanding severity ratings
A CVSS score of 7.2 indicates a high severity level, meaning the vulnerability poses a significant risk to affected systems. This score suggests that exploitation could lead to serious consequences, such as data exposure or unauthorized actions.
What are the potential impacts of this vulnerability?
Consequences of exploitation
Exploitation of this vulnerability could lead to various impacts, including data exposure, defacement of web pages, or even privilege escalation. The exact consequences depend on the attacker’s intentions and the site’s configuration.
What is Stored Cross-Site Scripting?
Defining the attack type
Stored Cross-Site Scripting (XSS) is a type of vulnerability where an attacker injects malicious scripts into a web application. These scripts are stored on the server and executed in the browser of users who access the affected pages, potentially compromising user data.
How can a proof of concept demonstrate this issue?
Understanding proof of concept
A proof of concept for this vulnerability would typically show how an attacker can inject a script and how that script executes in the context of a user’s session. This demonstration highlights the exploitability of the vulnerability and the potential risks involved.
Where can I find more information about this vulnerability?
Resources for further reading
More information can be found on security advisories, the official CVE database, and the plugin vendor’s website. These resources often provide updates, patches, and additional context about the vulnerability.

How Atomic Edge Works

Simple Setup. Powerful Security.

Atomic Edge acts as a security layer between your website & the internet. Our AI inspection and analysis engine auto blocks threats before traditional firewall services can inspect, research and build archaic regex filters.

Get Started

Trusted by Developers & Organizations