A critical security vulnerability in the Everest Forms Pro WordPress plugin, tracked as CVE-2026-3300, is being actively exploited by hackers to gain control of websites [1]. This remote code execution bug affects all versions of the plugin up to 1.9.12, putting approximately 4,000 active installations at risk. The vulnerability has a CVSS score of 9.8, indicating a severe impact on compromised sites: threat actors can execute arbitrary code, leading to a complete site takeover. Because exploitation of this flaw expands the active attack surface, users should prioritize patches based on their exposure and evidence of exploitation, and should take immediate action to update their plugins to prevent compromise.
Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites
⚠️ Critical Alert
Why This Matters
CVE-2026-3300 disclosure expands the active attack surface — prioritize based on your exposure and exploitation evidence.
References
- The Hacker News. (2026, June 5). Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites. *The Hacker News*. https://thehackernews.com/2026/06/hackers-exploit-critical-everest-forms.html
Original Source
The Hacker News