WordPress users beware — experts claim sites are being hijacked using a critical flaw in popular Everest Forms Pro…

  • Critical RCE flaw in Everest Forms Pro (CVE-2026-3300) actively exploited
  • Attackers create rogue admin account “diksimarina” via PHP injection
  • Nearly 30,000 takeover attempts blocked; admins urged to patch and block key IPs

Security researchers are warning of an ongoing hacking campaign targeting certain WordPress websites using a popular plugin tool.

Wordfence has claimed that Everest Forms Pro, a popular WordPress plugin used to create contract, registration, payment, and other application forms, carried a critical-severity vulnerability that allowed malicious actors to take over sites entirely.

The bug was described as a Remote Code Execution (RCE) flaw via PHP code injection. It is tracked as CVE-2026-3300 and was given the severity rating of 9.8/10 (critical). It affects all versions of the plugin up to, and including, 1.9.12.

Patched months ago

Wordfence is now warning that the flaw is being actively abused in the wild to create malicious admin...

Copyright of this story solely belongs to techradar.com.