Hackers Actively Exploiting WordPress Plugin Vulnerability to Inject Malicious PHP Code

📅 4 June 2026 at 12:01 UTC📰 Cyber Security NewsView original source ↗

Hackers are actively exploiting a critical remote code execution (RCE) vulnerability in the Everest Forms Pro WordPress plugin, allowing unauthenticated attackers to inject and execute arbitrary PHP code on vulnerable websites. The flaw, tracked as CVE-2026-3300 with a CVSS score of 9.8, affects all versions up to 1.9.12 and has already been observed in widespread […] The post Hackers Actively Exploiting WordPress Plugin Vulnerability to Inject Malicious PHP Code appeared first on Cyber Security News.

Read the full article

This is a curated summary. The complete article is available at Cyber Security News.

Read on Cyber Security News ↗

← Back to feed