What's Happening?
A critical vulnerability has been identified in the Everest Forms Pro plugin for WordPress, which is being actively exploited to hijack vulnerable websites. According to Wordfence, a WordPress security firm, the flaw allows unauthenticated attackers to execute
PHP code on a target server, potentially taking over the site. The vulnerability, tracked as CVE-2026-3300, has a CVSS score of 9.8 and affects all versions up to 1.9.12. Everest Forms Pro, developed by WPEverest, is a commercial form builder with approximately 4,000 active installations. The flaw was reported by a researcher known as h0xilo and has been patched in version 1.9.13. However, sites running earlier versions remain at risk. The vulnerability is linked to the plugin's Calculation add-on, which improperly sanitizes input, allowing attackers to inject PHP code. Wordfence has reported blocking over 29,300 exploit attempts, with a significant surge occurring on May 16, 2026.
Why It's Important?
The exploitation of this vulnerability poses a significant threat to website security, particularly for businesses and individuals relying on WordPress for their online presence. The ability for attackers to execute arbitrary code can lead to unauthorized access, data breaches, and potential financial losses. This incident underscores the importance of timely software updates and robust security practices for website administrators. The widespread use of WordPress amplifies the potential impact, as vulnerabilities in popular plugins can affect thousands of sites. The situation highlights the ongoing challenges in maintaining cybersecurity in the face of evolving threats and the critical role of security firms in identifying and mitigating such risks.
What's Next?
Website administrators using Everest Forms Pro are urged to update to the latest version immediately to mitigate the risk of exploitation. Continued monitoring and patching of vulnerabilities will be essential to prevent future attacks. Security firms and developers may increase efforts to identify similar vulnerabilities in other plugins, emphasizing the need for comprehensive security audits. Users should remain vigilant and consider implementing additional security measures, such as firewalls and intrusion detection systems, to protect their sites from potential threats.
