CVE-2024-1812
The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the 'font_url' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
We have discovered 12,472 live websites that are affected by CVE-2024-1812.
Affected Software
| Product |  Everest Forms |
| Category | Wordpress Plugins |
| Vulnerable Domains | 12,472 live websites (47.49% of Everest Forms install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 105 versions ( 80.77% of all versions) |
Details
- Published - Apr 9, 2024
- Updated - Aug 1, 2024
Credits
- hoangnd123123 (finder)
CVE References
CVE-2024-1812 usage by Country
 United States | 3,098 websites |
 Germany | 1,559 websites |
 France | 857 websites |
 Brazil | 541 websites |
 Poland | 485 websites |
 GB | 444 websites |
 Russia | 429 websites |
 Turkey | 378 websites |
 Netherlands | 327 websites |
 Italy | 303 websites |
CVE-2024-1812 usage by TLD
| .com | 4,511 websites |
| .de | 715 websites |
| .org | 573 websites |
| .ru | 464 websites |
| .pl | 401 websites |
| .com.br | 367 websites |
| .net | 337 websites |
| .nl | 328 websites |
| .fr | 279 websites |
| .co.uk | 254 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-1812
Top websites that are affected by CVE-2024-1812. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ************.org | United States | **,*** | |
| ********.com | United States | **,*** | |
| *****.***.br | Brazil | **,*** | |
| **************************.com | Germany | ***,*** | |
| ****.org | United States | ***,*** | |
| **********.com | United States | ***,*** | |
| ***************.org | United States | ***,*** | |
| *******.org | United States | ***,*** | |
| ******.com | United States | ***,*** | |
| ************.com |  Australia | ***,*** |
FAQ
A total of 12,472 websites have been identified as vulnerable to CVE-2024-1812, discovered through global website indexing conducted by WebTechSurvey.
Everest Forms is susceptible to CVE-2024-1812 vulnerability.
Everest Forms versions before, and including, 2.0.7 are vulnerable to CVE-2024-1812.