everestforms.net
Scanned May 28, 2026, 07:16 AM
Run a fresh audit — UpgradeSecurity Assessment
Key findings for everestforms.net
- 2 critical vulnerabilities requiring immediate attention.
- 5 active vulnerabilities detected across 12 plugins.
- 3 plugins are outdated and should be updated.
- Security headers are well configured.
- 4 sensitive paths exposed to the public.
WordPress
Active Theme
Hosting Provider
Detected Plugins
12 total| Plugin | Vulnerabilities |
|---|---|
Brevo – Email, SMS, Web Push, Chat, and more. high confidence | None found |
everest-forms-pro medium confidence | criticalCVE-2026-3300 highCVE-2026-27070 |
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings medium confidence | None found |
| None found |
Your full security report is ready
We found 12 plugins on this site. Unlock the complete analysis:
Security Report
- Full report for this site
- Every detected plugin & CVE
- Remediation guidance
- No re-audit after fixes
Report + Re-audit
- Everything in Security Report
- One complimentary re-audit within 90 days
- Verify your fixes actually closed the findings
- Clean-record badge for your site
Guided Remediation
- Everything in Report + Re-audit
- 15–30 min expert consult to triage findings
- Prioritized action plan for your site
- Optional partner handoff for fixes
One-time payment · Instant access · No subscription required
Not ready to buy? We'll send you a one-time free alert
if we detect a new vulnerability affecting your plugins.
One free alert · Continuous monitoring available with a paid plan
Security Posture
Security Headers
100/100CSP is configured, helping prevent XSS and injection attacks.
Strong HSTS policy with includeSubDomains.
Clickjacking protection is enabled.
TLS/SSL Certificate
Exposed Paths & Login Security
4 exposed4 security issues found — unlock to see which paths are exposed.
DNS & Email Security
SPF record with hard fail (-all) — strong email authentication.
DMARC policy is set to none — monitoring only, not enforcing.
DKIM record found for selector "mail". Email signatures can be verified.
Infrastructure
Server: cloudflare
X-Powered-By header is not exposed.
Cloudflare WAF detected — provides additional protection against attacks.
WordPress version 7.0 is exposed in the generator meta tag. Consider removing it.