Vulnerability | Bleeping Computer
9.8 — CRITICAL
Critical Everest Forms Pro flaw exploited to take over WordPress sites
Hackers are actively exploiting a critical vulnerability (CVE-2026-3300) in the Everest Forms Pro plugin, which lets them take complete control of a WordPress website. [...]
🤖 AI Briefing: Auto-generated threat analysis
🔍Threat Overview
Hackers are exploiting a critical vulnerability in the Everest Forms Pro plugin, allowing them to take control of WordPress websites without authentication. The vulnerability is being actively exploited in the wild, with over 29,300 attempts blocked by Wordfence's firewall.
⚙️Technical Details
💥Impact Assessment
Severity: Critical
Who Is at Risk
Website administrators and owners of WordPress sites using the Everest Forms Pro plugin
🛡️Recommended Actions
1. Block exploitation attempts from IP addresses 202.56.2[.]126 and 209.146.60[.]26
2. Review log files and administrator accounts for suspicious activity containing the string 'diksimarina'
3. Apply the patch released by the Everest Forms developer to fix the vulnerability
📦Affected Products
Product Name: Everest Forms Pro plugin
Version Range: 1.9.12 and earlier
🔐NVD Verified Data (VERIFIED)
CVE-2026-3300: CVSS 9.8 — CRITICAL
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses: CWE-94
This is a curated summary. The complete article is available at Bleeping Computer.
