Everest Forms Vulnerability Exploited to Hack WordPress Sites
The flaw allows attackers to execute arbitrary code remotely and has been exploited in the wild for two months.
A critical-severity vulnerability in the Everest Forms Pro WordPress plugin has been exploited in the wild for months for site takeover, Defiant warns.
Present on more than 100,000 WordPress websites, Everest Forms is designed for creating contact forms, order forms, payment forms, and surveys.
Tracked as CVE-2026-3300 (CVSS score of 9.8), the security defect allows unauthenticated, remote attackers to inject PHP code into form fields using the Complex Calculation feature.
Source: https://www.securityweek.com/everest-forms-vulnerability-exploited-to-hack-wordpress-sites/
Related breach coverage
- WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites (2026-06-01)
The security defect (CVE-2026-8732) allows unauthenticated attackers to create administrative accounts on the affected installations.
- Exploit Code Published for Critical Flowise RCE Vulnerability (2026-05-30)
The one-click vulnerability allows attackers to execute arbitrary code on self-hosted Flowise servers by tricking users into importing a malicious chatflow.
- Unpatched ChromaDB Vulnerability Can Lead to Server Takeover (2026-05-19)
The security defect can be exploited remotely, without authentication, to execute arbitrary code and leak sensitive information.
- SolarWinds Serv-U Vulnerability Exploited in the Wild (2026-06-08)
Unauthenticated attackers can exploit the flaw via specially crafted POST requests that crash the Serv-U service.
