Hackers Exploit Critical Everest Forms Pro Flaw

TL;DR: A critical vulnerability in the Everest Forms Pro WordPress plugin is being actively exploited. The flaw allows an unauthenticated attacker to execute code remotely and take over websites running versions up to and including 1.9.12; a patched release is available.
Key facts
- Category: Cybersecurity
- Impact: High
- Published
- Source: The Hacker News
Full summary
A critical flaw in the Everest Forms Pro WordPress plugin is being actively exploited, allowing hackers to take over entire websites.
Hackers are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin used for building contact forms and surveys. The vulnerability, tracked as CVE-2026-3300, is a remote code execution (RCE) bug. RCE is among the most dangerous classes of web vulnerability because an attacker can run code of their choosing on the site's server from anywhere on the internet, and in this case without any login credentials. The bug carries a CVSS score of 9.8 out of 10, which places it in the Critical band: exploitation is easy and the impact is total. A successful attack compromises the whole site, giving the threat actor control over its files, database and any sensitive user data it holds. From there they can deface the site, install backdoors for persistent access, steal customer information, or use the server to host malware or stage further attacks.
The vulnerability affects every version of Everest Forms Pro up to and including 1.9.12. According to its public listing, the plugin has roughly 4,000 active installations. That is small next to the most popular plugins, but every one of those sites is exposed right now. Exploitation "in the wild" means the risk is not theoretical: attackers are already scanning for and compromising vulnerable sites. For any business, developer or individual running an affected version, a takeover can mean business disruption, reputational damage that erodes customer trust, and regulatory fines if personal data is stolen. The developers have released a security patch, so administrators should update immediately.
⚡ Action needed
Update the Everest Forms Pro plugin to the latest patched version immediately.
Action checklist
1. Check whether your WordPress site uses the Everest Forms Pro plugin.
2. Verify the installed version of the plugin.
3. If you are running version 1.9.12 or earlier, update immediately to the latest patched version.
4. Review the site for unauthorized changes or suspicious files, since the flaw is actively exploited.
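The four checklist steps above, scripted as one triage run. This is an added example written for this page, not code from The Hacker News or from the plugin vendor. It assumes WP-CLI is installed, that the plugin slug is `everest-forms-pro`, and that any version above 1.9.12 counts as patched (the advisory states the affected range, not the fixed version, so confirm that against the vendor changelog). The version comparison is done per numeric component rather than as a string, because string comparison would rank a hypothetical 1.10.0 below 1.9.12 and wrongly flag it as vulnerable.

```shell
#!/bin/sh
# Triage helper for the Everest Forms Pro advisory. Added example for this
# page, not the article's or the vendor's code. Assumptions not on the page:
# WP-CLI is installed, the slug is "everest-forms-pro", and anything above
# 1.9.12 is treated as patched (check the vendor changelog).

PLUGIN_SLUG="everest-forms-pro"   # assumed slug
LAST_VULNERABLE="1.9.12"          # from the advisory: "up to and including 1.9.12"

# version_le A B: exit 0 when dotted version A <= B, comparing each numeric
# component in turn. Plain string comparison gets this wrong (1.10.0 < 1.9.12 as text).
version_le() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai="${a%%.*}"; bi="${b%%.*}"
    if [ "$a" = "$ai" ]; then a=""; else a="${a#*.}"; fi
    if [ "$b" = "$bi" ]; then b=""; else b="${b#*.}"; fi
    ai="${ai%%[!0-9]*}"; bi="${bi%%[!0-9]*}"   # drop suffixes such as "-beta1"
    ai="${ai:-0}"; bi="${bi:-0}"                # missing component counts as 0
    if [ "$ai" -lt "$bi" ]; then return 0; fi
    if [ "$ai" -gt "$bi" ]; then return 1; fi
  done
  return 0
}

# classify_version V: prints "vulnerable" or "patched" for a plugin version.
classify_version() {
  if version_le "$1" "$LAST_VULNERABLE"; then echo vulnerable; else echo patched; fi
}

# triage_site WP_ROOT: runs checklist steps 1-4 against a live install.
triage_site() {
  root="$1"
  # Step 1: is the plugin installed at all?
  if ! wp plugin is-installed "$PLUGIN_SLUG" --path="$root" 2>/dev/null; then
    echo "$PLUGIN_SLUG not installed at $root; nothing to do"
    return 0
  fi
  # Step 2: read the installed version and classify it.
  ver="$(wp plugin get "$PLUGIN_SLUG" --field=version --path="$root")"
  echo "$PLUGIN_SLUG $ver: $(classify_version "$ver")"
  # Step 3: update if vulnerable. Premium plugins typically need a valid
  # licence key configured before WP-CLI can see the update.
  if version_le "$ver" "$LAST_VULNERABLE"; then
    wp plugin update "$PLUGIN_SLUG" --path="$root"
  fi
  # Step 4: look for signs of compromise. uploads/ should never contain PHP;
  # PHP files changed in the last 7 days anywhere under the root deserve a
  # look; core file tampering is caught by the checksum verification.
  find "$root/wp-content/uploads" -type f -name '*.php' 2>/dev/null
  find "$root" -type f -name '*.php' -mtime -7 2>/dev/null
  wp core verify-checksums --path="$root"
}

# Usage: sh everest_triage.sh --run /var/www/html
case "${1:-}" in
  --run) triage_site "${2:-.}" ;;
esac
```

The `find` over `wp-content/uploads` is a generic check, not something specific to this CVE: a PHP file under uploads is almost always a dropped web shell, whatever vulnerability was used to place it. Treat any hit from step 4 as an incident to investigate, not something the update alone resolves.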
Primary source: The Hacker News