WordPress site administrators are facing a significant security issue due to a vulnerability in the Everest Forms Pro plugin. This flaw, which has been actively exploited, allows unauthorized individuals to take control of websites. According to Defiant, a prominent security firm, this vulnerability has been used in attacks for several months.
Understanding the Everest Forms Vulnerability
Everest Forms, a popular plugin used by over 100,000 WordPress sites to create various types of forms, is at the center of this security threat. The vulnerability, identified as CVE-2026-3300 with a CVSS score of 9.8, permits remote attackers to inject PHP code into form fields via the Complex Calculation feature.
Despite the plugin’s efforts to sanitize inputs, a specific function fails to properly escape certain characters, allowing malicious code to be executed on the server. This enables attackers to inject and run arbitrary PHP code by manipulating form fields such as text, email, or URL when utilizing the affected feature.
Exploitation and Consequences
The exploitation of this vulnerability can lead to severe consequences, including the creation of unauthorized administrative accounts and the deployment of web shells. These actions grant attackers full control over compromised WordPress sites, jeopardizing the security and integrity of the affected websites.
Defiant reports that the vulnerability was first addressed in Everest Forms Pro version 1.9.13, released in March. However, exploitation attempts have persisted, with the first known attack occurring on April 13. To date, more than 29,000 exploit attempts have been blocked by the security firm.
Recommendations for WordPress Users
WordPress site owners using Everest Forms Pro are strongly advised to update to version 1.9.13 or later immediately. Additionally, they should check for unauthorized administrative accounts, especially those named ‘diksimarina’ or using the email ‘[email protected]’.
Staying vigilant and keeping plugins updated are crucial steps in safeguarding WordPress sites against similar threats. As vulnerabilities continue to emerge, proactive security measures are essential to protect online assets.
Related security concerns in WordPress plugins such as Kirki, Burst Statistics, and WP Maps Pro have also been highlighted, emphasizing the need for ongoing diligence in maintaining website security.
For more information on protecting your WordPress site and the latest security updates, visit the official WordPress security page regularly.
