CVE-2024-1812

7.2 HIGH

📋 TL;DR

The Everest Forms WordPress plugin has a Server-Side Request Forgery (SSRF) vulnerability that allows unauthenticated attackers to make arbitrary web requests from the vulnerable server. This can be used to query or modify internal services accessible from the web server. All WordPress sites using Everest Forms versions 2.0.7 and earlier are affected.

💻 Affected Systems

Products:
  • Everest Forms WordPress Plugin
Versions: All versions up to and including 2.0.7
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with the vulnerable plugin version are affected regardless of configuration.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access internal services, sensitive data, or perform actions on internal systems, potentially leading to data exfiltration, internal network compromise, or lateral movement.

🟠 Likely Case

Attackers scan internal networks, access metadata services, or interact with internal APIs to gather information about the infrastructure.

🟢 If Mitigated

With proper network segmentation and egress filtering, impact is limited to external requests only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SSRF vulnerabilities are commonly exploited and require minimal technical skill when weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.8 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3049743/everest-forms

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find Everest Forms and click 'Update Now'.
4. Alternatively, download version 2.0.8+ from WordPress.org and replace the plugin files.

🔧 Temporary Workarounds

Disable Everest Forms Plugin

all

Temporarily disable the vulnerable plugin until patching is possible.

wp plugin deactivate everest-forms

Web Application Firewall Rule

all

Block requests containing suspicious 'font_url' parameter patterns.

🧯 If You Can't Patch

  • Implement network egress filtering to restrict outbound connections from web servers.
  • Use web application firewall to block SSRF patterns and restrict internal network access.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Everest Forms version. If version is 2.0.7 or earlier, you are vulnerable.

Check Version:

wp plugin get everest-forms --field=version

Verify Fix Applied:

Verify Everest Forms version is 2.0.8 or later in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from web server to internal IPs or metadata endpoints
  • Requests to Everest Forms endpoints with 'font_url' parameter containing unusual values

Network Indicators:

  • Web server making unexpected outbound HTTP requests to internal services or cloud metadata endpoints

SIEM Query:

source="web_server_logs" AND (uri_path="/wp-content/plugins/everest-forms/" AND parameters CONTAINS "font_url")
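The two checks above (version at or below 2.0.7, and requests to the plugin path carrying a 'font_url' that points at internal or metadata addresses) can be scripted against wp-cli output and web server access logs. The following is an added example, not code from the advisory or from the Everest Forms project. It assumes combined-format access logs, uses the plugin path prefix from the SIEM query above, and embeds constructed sample log lines; the endpoint file name in those lines is a placeholder, not the plugin's real endpoint, and the metadata host list is an assumption to adjust per environment.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlparse

FIXED_VERSION = (2, 0, 8)                           # first fixed release named in the advisory
PLUGIN_PATH = "/wp-content/plugins/everest-forms/"  # path prefix from the advisory's SIEM query
PARAM = "font_url"                                  # parameter named in the advisory

# Assumption: hostnames that commonly resolve to cloud metadata services or the local host.
METADATA_HOSTS = {"169.254.169.254", "metadata.google.internal", "metadata", "localhost"}

# Combined log format: client, ident, user, [timestamp], "METHOD target PROTO", status, ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_version(version):
    """Turn '2.0.7' (or 'wp plugin get' output such as '2.0.7\n') into a 3-tuple of ints."""
    nums = [int(x) for x in re.findall(r"\d+", version)]
    return tuple((nums + [0, 0, 0])[:3])


def is_vulnerable_version(version):
    """True when the installed version is below the first fixed release (2.0.8)."""
    return parse_version(version) < FIXED_VERSION


def classify_target(url):
    """Classify a font_url value as 'metadata', 'internal', 'external' or 'invalid'."""
    host = urlparse(url).hostname
    if not host:
        return "invalid"
    if host.lower() in METADATA_HOSTS:
        return "metadata"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A DNS name not in the metadata list; resolution is deliberately not attempted offline.
        return "external"
    if ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved:
        return "internal"
    return "external"


def find_ssrf_attempts(log_text, path_prefix=PLUGIN_PATH):
    """Return requests under the plugin path whose font_url targets a non-external address."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        path, _, query = m.group("target").partition("?")
        if not path.startswith(path_prefix):
            continue
        # parse_qs percent-decodes once; a double-encoded value would surface here as 'invalid'.
        for value in parse_qs(query).get(PARAM, []):
            kind = classify_target(value)
            if kind in ("metadata", "internal", "invalid"):
                findings.append({"line": lineno, "client": m.group("client"),
                                 "font_url": value, "kind": kind})
    return findings


# Constructed sample log lines (not real traffic); the endpoint file name is a placeholder.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2024:12:00:01 +0000] "GET /wp-content/plugins/everest-forms/assets/js/frontend.js HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Mar/2024:12:00:02 +0000] "GET /wp-content/plugins/everest-forms/placeholder-endpoint.php?font_url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F HTTP/1.1" 200 88 "-" "curl/8.0"
203.0.113.12 - - [10/Mar/2024:12:00:03 +0000] "GET /wp-content/plugins/everest-forms/placeholder-endpoint.php?font_url=https%3A%2F%2Ffonts.googleapis.com%2Fcss HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.13 - - [10/Mar/2024:12:00:04 +0000] "GET /wp-content/plugins/everest-forms/placeholder-endpoint.php?font_url=http%3A%2F%2F10.0.0.5%3A8080%2Fadmin HTTP/1.1" 200 77 "-" "python-requests/2.31"
"""

if __name__ == "__main__":
    print("2.0.7 vulnerable:", is_vulnerable_version("2.0.7"))   # True
    print("2.0.8 vulnerable:", is_vulnerable_version("2.0.8"))   # False
    for f in find_ssrf_attempts(SAMPLE_LOG):
        print(f"line {f['line']}: {f['client']} -> {f['kind']} target {f['font_url']}")
```

Feed `wp plugin get everest-forms --field=version` into `is_vulnerable_version` and your access log into `find_ssrf_attempts`; only requests whose 'font_url' resolves to a loopback, private, link-local or known metadata address are reported, so ordinary font fetches from public hosts stay out of the alert stream. If the parameter reaches handlers outside the plugin directory in your logs, widen `path_prefix` accordingly.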
