Threat actors are actively exploiting CVE-2026-3300, a critical remote code execution vulnerability in Everest Forms Pro, a WordPress plugin installed on approximately 4,000 sites. The flaw carries a CVSS score of 9.8, indicating severe risk.

The vulnerability affects all versions of Everest Forms Pro through version 1.9.12. Attackers exploit this bug to execute arbitrary code and achieve complete site takeover. WordPress administrators running affected versions face immediate risk of full compromise, including data theft, malware injection, and defacement.

The plugin's relatively modest installation base of 4,000 active sites does not diminish the threat. Each compromised installation can serve as an attack vector for further malicious activity. Attackers often use compromised WordPress sites to distribute malware, steal customer data, or launch subsequent attacks against connected systems.

The active exploitation suggests threat actors have reliable methods to identify and target vulnerable instances. Organizations and website owners running Everest Forms Pro must prioritize immediate action. The vendor released patches addressing this vulnerability, and administrators should update to version 1.9.13 or later without delay.

For those unable to update immediately, disabling the plugin until patches deploy reduces exposure. Website operators should monitor access logs for suspicious activity and conduct security scans to detect any existing compromise. Server-side protections such as web application firewalls can block known attack patterns while patches deploy across the ecosystem.
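The remediation above comes down to a version check across every site: anything at or below 1.9.12 must be updated to 1.9.13 or disabled. The following triage helper is an added example, not code from the article or from the plugin vendor; it reads the `Version:` line of the standard WordPress plugin header (a real format) and compares versions numerically, which matters because a plain string comparison ranks `1.9.9` above `1.9.12` and would miss affected installs. Site names and header contents are constructed for illustration.

```python
"""Flag Everest Forms Pro installs still in the CVE-2026-3300 affected range
(all versions through 1.9.12; fixed in 1.9.13), given each site's plugin header."""
import re

FIXED_VERSION = "1.9.13"

def parse_version(text):
    """Turn '1.9.12' into (1, 9, 12) so comparison is numeric, not lexical.
    Lexical comparison would wrongly rank '1.9.9' above '1.9.12'."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def plugin_version_from_header(php_source):
    """Read the 'Version:' line of a WordPress plugin header; None if absent."""
    m = re.search(r"^\s*\*?\s*Version:\s*([\w.\-]+)", php_source, re.MULTILINE)
    return m.group(1) if m else None

def is_affected(version):
    """True for any release below the fixed version."""
    return parse_version(version) < parse_version(FIXED_VERSION)

def triage(inventory):
    """inventory: dict of site -> plugin main-file source. Returns a list of
    (site, version, status) with affected sites first. Status is one of
    'UPDATE OR DISABLE', 'patched', 'no version header' (investigate manually)."""
    rows = []
    for site, source in inventory.items():
        v = plugin_version_from_header(source)
        if v is None:
            rows.append((site, None, "no version header"))
        elif is_affected(v):
            rows.append((site, v, "UPDATE OR DISABLE"))
        else:
            rows.append((site, v, "patched"))
    return sorted(rows, key=lambda r: r[2] != "UPDATE OR DISABLE")

# Constructed sample inventory: hypothetical hostnames, made-up header contents.
SAMPLE_INVENTORY = {
    "shop.example": "<?php\n/*\nPlugin Name: Everest Forms Pro\nVersion: 1.9.9\n*/",
    "blog.example": "<?php\n/*\nPlugin Name: Everest Forms Pro\nVersion: 1.9.12\n*/",
    "docs.example": "<?php\n/*\nPlugin Name: Everest Forms Pro\nVersion: 1.9.13\n*/",
    "legacy.example": "<?php\n/*\nPlugin Name: Everest Forms Pro\n*/",
}

if __name__ == "__main__":
    for site, version, status in triage(SAMPLE_INVENTORY):
        print(f"{site:16} {version or '?':8} {status}")
```

In a real fleet the header text would be read from each site's plugin main file (for example over SSH or from a backup snapshot) rather than embedded inline.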

The 9.8 CVSS score reflects the absence of any authentication requirement and the network-based attack vector. Exploitation requires minimal attacker sophistication. Any exposed Everest Forms Pro installation becomes a target within hours of vulnerability disclosure.

WordPress administrators should treat this as a critical incident requiring immediate response. Patch deployment, security scanning, and log analysis form the core of effective remediation. Organizations hosting multiple WordPress instances should prioritize those