Cybersecurity experts have reported active exploitation of a severe vulnerability in the Everest Forms Pro WordPress plugin, threatening over 4,000 installations. The flaw allows attackers to execute arbitrary code, potentially leading to full site control.
Details of the Security Flaw
The vulnerability, identified as CVE-2026-3300, is a remote code execution issue affecting all plugin versions up to 1.9.12. With a CVSS score of 9.8, this critical flaw was addressed with a patch released on March 18, 2026, in version 1.9.13.
According to Wordfence, the issue stems from the Calculation Addon’s process_filter() function, which inadequately escapes user inputs before executing them as PHP code. This oversight allows attackers to inject harmful code via any form field using the ‘Complex Calculation’ feature.
Exploitation Impact and Observations
Successful exploitation can enable unauthorized individuals to run PHP code on the server, create false administrator accounts, and deploy malicious software. Wordfence reported that since April 13, 2026, over 29,300 exploit attempts have been blocked, with 16 attempts occurring in the past day alone.
Attackers typically aim to establish an administrator account under the name ‘diksimarina’ using specific IP addresses, underscoring the need for heightened vigilance among site administrators.
Broader Cybersecurity Concerns
The report coincides with a warning from Sansec about skimmer campaigns leveraging Stripe as a covert command-and-control server. By exploiting trusted domains like Stripe and Google Tag Manager, attackers can bypass security filters to steal sensitive customer data from e-commerce platforms.
One such campaign, GorgonAgora, utilizes counterfeit .shop sites to impersonate major brands and siphon card information to a centralized server in Moldova. This operation highlights the sophistication and scale of modern cyber threats.
In conclusion, the exploitation of the Everest Forms Pro plugin and similar campaigns underscore the importance of regular security updates and vigilant monitoring of web applications. As cyber threats evolve, staying informed and proactive is critical for protecting online assets.
