Shared from twixb · securityweek.com

Everest Forms Vulnerability Exploited to Hack WordPress Sites

securityweek.com·Jun 8, 2026

A critical vulnerability (CVE-2026-3300) in the Everest Forms Pro WordPress plugin, affecting over 100,000 sites, has been exploited for months, allowing attackers to inject and execute arbitrary PHP code remotely. Users are urged to update to version 1.9.13 or newer to protect against unauthorized administrative account creation and other threats.

A critical vulnerability in the Everest Forms Pro WordPress plugin (CVE-2026-3300) has been actively exploited, allowing unauthenticated attackers to inject and execute arbitrary PHP code, leading to potential site takeovers. Threat intelligence and incident response teams should ensure that WordPress deployments running the plugin are updated to version 1.9.13 or newer immediately, and monitor for unauthorized admin accounts, particularly ones with the username 'diksimarina'.
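A triage check for the two actions above, as an added example that is not from the article or the plugin vendor: it compares an installed plugin version against 1.9.13 and reviews an administrator listing for the reported username or for accounts missing from an approved list. The CSV sample is constructed, and the approved-admin list and the use of a WP-CLI `wp user list` export as input are assumptions.

```python
import csv
import io
import re

FIXED_VERSION = (1, 9, 13)        # first patched release named in the article
IOC_USERNAMES = {"diksimarina"}   # admin username reported in the article


def parse_version(text):
    """Turn '1.9.12' into (1, 9, 12), padding short versions with zeros."""
    parts = []
    for piece in text.strip().split("."):
        match = re.match(r"\d+", piece)   # leading digits only, e.g. '13-beta' -> 13
        parts.append(int(match.group()) if match else 0)
    return tuple(parts + [0] * (3 - len(parts)))


def is_vulnerable(installed):
    """True when the installed plugin version predates the fixed release."""
    return parse_version(installed) < FIXED_VERSION


def flag_admins(csv_text, known_admins):
    """Return (login, reason) for administrator rows that need review."""
    known = {name.lower() for name in known_admins}
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"].strip()
        if login.lower() in IOC_USERNAMES:
            findings.append((login, "matches reported IoC username"))
        elif login.lower() not in known:
            findings.append((login, "not on approved admin list"))
    return findings


# Constructed sample, shaped like the output of:
# wp user list --role=administrator --fields=user_login,user_email,user_registered --format=csv
SAMPLE = """user_login,user_email,user_registered
siteowner,owner@example.com,2021-03-02 10:15:00
diksimarina,x@example.net,2026-04-19 03:41:07
helpdesk2,hd@example.org,2026-05-01 22:10:55
"""

if __name__ == "__main__":
    print("plugin 1.9.12 vulnerable:", is_vulnerable("1.9.12"))
    for login, reason in flag_admins(SAMPLE, ["siteowner"]):
        print(f"REVIEW {login}: {reason}")
```

A clean result only covers account creation; it does not rule out other changes made through the injected PHP code.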
