Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites
Summary
Hackers are actively exploiting a critical remote code execution vulnerability (CVE-2026-3300) in the Everest Forms Pro WordPress plugin to gain full control of websites. This flaw impacts all versions up to 1.9.12, and a patch has been released.
IFF Assessment
The exploitation of a critical vulnerability leading to site compromise is detrimental to website owners and defenders.
Severity
The CVSS score of 9.8 indicates a critical severity, reflecting a remote code execution flaw that allows for full site compromise with a high degree of exploitability and significant impact.
Defender Context
Website administrators using the Everest Forms Pro plugin should immediately update to the patched version to mitigate the risk of compromise. This incident highlights the importance of regularly patching plugins and monitoring for active exploitation of known vulnerabilities.
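One way to inventory affected installs across a hosting tree, as an added example that is not code from the plugin vendor or the original report. It assumes the plugin folder is named `everest-forms-pro` and that 1.9.12 itself counts as affected; adjust both if your environment or the vendor advisory says otherwise.

```python
import re
import sys
from pathlib import Path

# "All versions up to 1.9.12" per the advisory; treating 1.9.12 itself as
# affected is an assumption made here.
LAST_AFFECTED = (1, 9, 12)
PLUGIN_DIR = "everest-forms-pro"  # assumed folder name, adjust to your install

# Constructed sample of a WordPress plugin file header (not the real file).
SAMPLE_HEADER = "<?php\n/**\n * Plugin Name: Example Forms Pro\n * Version: 1.9.12\n */\n"

VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.MULTILINE | re.IGNORECASE)

def parse_version(header_text):
    """Return the header's Version as a tuple of ints, or None if absent."""
    match = VERSION_RE.search(header_text)
    if not match:
        return None
    return tuple(int(n) for n in re.findall(r"\d+", match.group(1))) or None

def is_affected(version):
    # Tuples compare numerically, so 1.9.2 < 1.9.12 (a string compare gets
    # this wrong). An unreadable version is flagged for manual review.
    return version is None or version <= LAST_AFFECTED

def scan(root):
    """Return [(plugin_path, version, affected)] for every install under root."""
    results = []
    for plugin in sorted(Path(root).rglob(PLUGIN_DIR)):
        if not plugin.is_dir() or plugin.parent.name != "plugins":
            continue
        version = None
        for php in sorted(plugin.glob("*.php")):
            # WordPress reads plugin headers from the first 8 KB of the file.
            head = php.read_bytes()[:8192].decode("utf-8", "replace")
            if "Plugin Name:" in head:
                version = parse_version(head)
                break
        results.append((str(plugin), version, is_affected(version)))
    return results

if __name__ == "__main__":
    print("sample header ->", parse_version(SAMPLE_HEADER))
    for path, version, affected in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        shown = ".".join(map(str, version)) if version else "unknown"
        print(f"{'AFFECTED' if affected else 'ok':8}  {shown:10}  {path}")
```

Run it with the directory that holds your sites as the only argument; installs reported as AFFECTED or unknown are the ones to update first.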