Hackers exploit critical Everest Forms Pro vulnerability for website control

Hackers are actively exploiting a critical vulnerability, CVE-2026-3300, in the Everest Forms Pro WordPress plugin, allowing them to gain complete control of affected websites. This security issue impacts versions 1.9.12 and earlier and can be exploited without authentication to execute arbitrary code on the server, as reported by Bleeping Computer.

The vulnerability resides within the plugin's Complex Calculation feature, which takes user-supplied input, concatenates it into a string of PHP source code, and executes that string with the "eval()" function. A sanitization function is applied first, but it fails to escape characters such as single quotes, so an attacker can terminate the intended string literal, append arbitrary PHP code, and comment out the remainder of the generated code, which then runs on the server. Exploitation in the wild has been observed, with attackers creating rogue administrator accounts using the username "diksimarina".
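The root cause described above is that user input becomes part of PHP source code. The durable fix is not better escaping but never building source from input at all: parse the formula with a grammar that admits only numbers, arithmetic operators, parentheses and field references, and compute the result directly. The following is an added example written for this article, not Everest Forms Pro's code; the "{name}" placeholder syntax and the $fields array are assumptions for illustration.

```php
<?php
// Added example: a whitelist-based calculation evaluator that never calls eval().
// Illustrative code, not Everest Forms Pro's implementation. The "{name}"
// field-placeholder syntax and the $fields array are assumptions.
final class SafeCalc
{
    private string $src = '';
    private int $pos = 0;
    /** @var array<string, float|int> field values supplied by the form */
    private array $fields;

    public function __construct(array $fields)
    {
        $this->fields = $fields;
    }

    /** Evaluate a formula; throws on anything outside the grammar. */
    public function evaluate(string $formula): float
    {
        $this->src = $formula;
        $this->pos = 0;
        $value = $this->expr();
        if ($this->peek() !== '') {
            throw new InvalidArgumentException("unexpected input at offset {$this->pos}");
        }
        return $value;
    }

    /** Skip whitespace and return the next character ('' at end of input). */
    private function peek(): string
    {
        while ($this->pos < strlen($this->src) && ctype_space($this->src[$this->pos])) {
            $this->pos++;
        }
        return $this->src[$this->pos] ?? '';
    }

    // expr := term (('+' | '-') term)*
    private function expr(): float
    {
        $value = $this->term();
        while (true) {
            $c = $this->peek();
            if ($c === '+') { $this->pos++; $value += $this->term(); }
            elseif ($c === '-') { $this->pos++; $value -= $this->term(); }
            else { return $value; }
        }
    }

    // term := factor (('*' | '/') factor)*
    private function term(): float
    {
        $value = $this->factor();
        while (true) {
            $c = $this->peek();
            if ($c === '*') { $this->pos++; $value *= $this->factor(); }
            elseif ($c === '/') {
                $this->pos++;
                $divisor = $this->factor();
                if ($divisor == 0.0) { throw new InvalidArgumentException('division by zero'); }
                $value /= $divisor;
            } else { return $value; }
        }
    }

    // factor := number | '{' name '}' | '(' expr ')' | '-' factor
    private function factor(): float
    {
        $c = $this->peek();
        if ($c === '-') { $this->pos++; return -$this->factor(); }
        if ($c === '(') {
            $this->pos++;
            $value = $this->expr();
            if ($this->peek() !== ')') {
                throw new InvalidArgumentException("expected ')' at offset {$this->pos}");
            }
            $this->pos++;
            return $value;
        }
        if (preg_match('/\G\d+(?:\.\d+)?/', $this->src, $m, 0, $this->pos)) {
            $this->pos += strlen($m[0]);
            return (float) $m[0];
        }
        // Field placeholder: only known keys resolve, and only to numeric values.
        if (preg_match('/\G\{([A-Za-z_][A-Za-z0-9_]*)\}/', $this->src, $m, 0, $this->pos)) {
            if (!isset($this->fields[$m[1]]) || !is_numeric($this->fields[$m[1]])) {
                throw new InvalidArgumentException("unknown or non-numeric field {$m[1]}");
            }
            $this->pos += strlen($m[0]);
            return (float) $this->fields[$m[1]];
        }
        throw new InvalidArgumentException("unexpected character at offset {$this->pos}");
    }
}

// Constructed sample input.
$calc = new SafeCalc(['qty' => 3, 'price' => 19.99]);
echo $calc->evaluate('{qty} * {price} + 5'), "\n";   // 64.97

// A quote has no place in the grammar, so the parser throws instead of
// handing the text to eval(); the same holds for semicolons and comment markers.
try {
    $calc->evaluate("1' + 1");
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Because the evaluator computes values rather than emitting code, there is no string context for an attacker to escape from; every byte that is not part of the grammar is a parse error, regardless of how it was quoted or encoded.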

This administrator-level access grants attackers full control to modify content, install malicious plugins, plant backdoors, and access sensitive databases. A patch was released on March 18, but active exploitation began on April 13, with thousands of attempts blocked. Wordfence recommends blocking specific IP addresses and advises administrators to review logs for suspicious activity, particularly the username "diksimarina".
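For the log and account review the article recommends, the two concrete indicators it gives are administrator accounts named "diksimarina" and administrator accounts that appeared after the patch date. The following is an added example, not Wordfence's or the plugin's code, meant to be run inside a WordPress context (for instance with "wp eval-file audit-admins.php") so that get_users() is available; the year in the patch date is inferred from the CVE identifier and is an assumption.

```php
<?php
// Added example, not Wordfence or Everest Forms Pro code. Run inside a WordPress
// context (e.g. `wp eval-file audit-admins.php`) so get_users() exists.
// The rogue username comes from the article; the year of the patch date is an
// assumption inferred from the CVE identifier.
const KNOWN_ROGUE_USERS = ['diksimarina'];
const PATCH_RELEASED_AT = '2026-03-18 00:00:00';

/**
 * Return administrator accounts that match a known rogue name or were
 * registered on or after the patch date, keyed by login with the reasons.
 */
function find_suspicious_admins(array $admins, array $rogue = KNOWN_ROGUE_USERS, string $since = PATCH_RELEASED_AT): array
{
    $flagged = [];
    foreach ($admins as $user) {
        $reasons = [];
        if (in_array(strtolower($user->user_login), $rogue, true)) {
            $reasons[] = 'matches known rogue username';
        }
        // user_registered is a MySQL datetime string, so a string compare orders correctly.
        if (strcmp($user->user_registered, $since) >= 0) {
            $reasons[] = 'registered after patch release';
        }
        if ($reasons) {
            $flagged[$user->user_login] = $reasons;
        }
    }
    return $flagged;
}

/** Return line numbers of a log file that mention any rogue username. */
function find_rogue_user_in_log(string $path, array $rogue = KNOWN_ROGUE_USERS): array
{
    $hits = [];
    $pattern = '/' . implode('|', array_map('preg_quote', $rogue)) . '/i';
    foreach (file($path, FILE_IGNORE_NEW_LINES) ?: [] as $n => $line) {
        if (preg_match($pattern, $line)) {
            $hits[$n + 1] = $line;
        }
    }
    return $hits;
}

// Audit every administrator account on the site.
foreach (find_suspicious_admins(get_users(['role' => 'administrator'])) as $login => $reasons) {
    printf("REVIEW %-20s %s\n", $login, implode('; ', $reasons));
}

// Optional: point this at the web server or audit log you keep for the site.
// The path below is a placeholder.
$logPath = '/path/to/access.log';
if (is_readable($logPath)) {
    foreach (find_rogue_user_in_log($logPath) as $lineNo => $line) {
        printf("LOG line %d: %s\n", $lineNo, $line);
    }
}
```

Any account flagged by the date check is not necessarily malicious, since legitimate administrators may have been added in the same window; the point is to produce a short list that a human verifies against who actually created each account.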

Source: Bleeping Computer
