A critical vulnerability has been discovered in the Everest Forms Pro plugin for WordPress that allows unauthenticated attackers to execute code remotely and take over websites. The flaw, tracked as CVE-2026-3300, received a CVSS score of 9.8 and affects all versions up to 1.9.12. Exploitation can lead to the creation of unauthorized administrator accounts and further access to the affected systems. A fix was issued in version 1.9.13, and website administrators are urged to update. Since the vulnerability's disclosure, Wordfence's security measures have blocked over 29,300 exploit attempts.
Critical RCE flaw in Everest Forms Pro lets hackers hijack sites
Article by CyberSIXT
Timeline Coverage
- Critical RCE flaw in Everest Forms Pro lets hackers hijack sites (www.infosecurity-magazine.com)
- Everest Forms Pro flaw lets hackers take over WordPress sites (securityonline.info)