New audit

everestforms.net

Scanned May 28, 2026, 07:16 AM

Run a fresh audit — Upgrade
95
A · Safe
12
Plugins Detected
5
Active Vulnerabilities
3
Outdated Plugins
0
Abandoned

Security Assessment

Key findings for everestforms.net

  • 2 critical vulnerabilities requiring immediate attention.
  • 5 active vulnerabilities detected across 12 plugins.
  • 3 plugins are outdated and should be updated.
  • Security headers are well configured.
  • 4 sensitive paths exposed to the public.

WordPress

Version 7.0
Core installation

Active Theme

Zakra
Up to date

Hosting Provider

Cloudflare
Infrastructure

Detected Plugins

12 total
PluginVulnerabilities
None found
+1 more
everest-forms-pro
everest-forms-pro
medium confidence
None found
None found
5 total vulnerabilities detected across 12 plugins

Your full security report is ready

We found 12 plugins on this site. Unlock the complete analysis:

All 12 detected plugins
CVE details & patch status
Security header analysis
Exposed paths & TLS audit
DNS & email security
CT log subdomain discovery

Security Report

one-time
$49USD
  • Full report for this site
  • Every detected plugin & CVE
  • Remediation guidance
  • No re-audit after fixes
Get Report — $49
Recommended

Report + Re-audit

best value
$99USD
  • Everything in Security Report
  • One complimentary re-audit within 90 days
  • Verify your fixes actually closed the findings
  • Clean-record badge for your site

Guided Remediation

small business
$299USD
  • Everything in Report + Re-audit
  • 15–30 min expert consult to triage findings
  • Prioritized action plan for your site
  • Optional partner handoff for fixes
Get Guided Remediation — $299

One-time payment · Instant access · No subscription required

Not ready to buy? We'll send you a one-time free alert

if we detect a new vulnerability affecting your plugins.

One free alert · Continuous monitoring available with a paid plan

Security Posture

A
Security Headers
A
TLS/SSL
F
Exposed Paths
B
Email Security

Security Headers

100/100
Content-Security-Policy

CSP is configured, helping prevent XSS and injection attacks.

Strict-Transport-Security

Strong HSTS policy with includeSubDomains.

X-Frame-Options

Clickjacking protection is enabled.

4 more checks — unlock full report to see all

TLS/SSL Certificate

Issuer
WE1
Expires
70 days
Protocol
TLSv1.3
Wildcard
Yes

Exposed Paths & Login Security

4 exposed

4 security issues found — unlock to see which paths are exposed.

DNS & Email Security

SPF

SPF record with hard fail (-all) — strong email authentication.

DMARC

DMARC policy is set to none — monitoring only, not enforcing.

DKIM

DKIM record found for selector "mail". Email signatures can be verified.

Infrastructure

Server Software

Server: cloudflare

X-Powered-By

X-Powered-By header is not exposed.

Web Application Firewall

Cloudflare WAF detected — provides additional protection against attacks.

WP Version Exposed

WordPress version 7.0 is exposed in the generator meta tag. Consider removing it.