A critical remote code execution vulnerability (CVE-2026-3300, CVSS 9.8) in the Everest Forms Pro WordPress plugin is being actively exploited by threat actors to compromise websites. The flaw affects all versions up to 1.9.12 of the plugin, which has approximately 4,000 active installations, allowing attackers to execute arbitrary code and achieve complete site takeover.
Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise. The vulnerability in question is CVE-2026-3300 (CVSS score: 9.8), a remote code execution bug impacting all versions of the plugin up to, and including, 1.9.12. A patch for the flaw was
Originally published at thehackernews.com
60-minute technical evaluation, no obligation. We'll map the ideas in this article to your environment.
