Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations. The flaw allows attackers to execute arbitrary code, which ultimately leads to a complete compromise of affected websites.
The vulnerability is tracked as CVE-2026-3300 and carries a CVSS score of 9.8. It is a severe remote code execution bug. All versions of the plugin up to and including 1.9.12 are impacted. A patch for this critical flaw was subsequently released.
