Critical RCE in Everest Forms Pro WordPress Plugin (CVE‑2026‑3300) Enables Full Site Takeover
What It Is — A remote‑code‑execution (RCE) flaw (CVE‑2026‑3300) in the Everest Forms Pro WordPress plugin lets an attacker upload and execute arbitrary PHP, giving them full control of the compromised web site.
Exploitability — Active exploitation is confirmed in the wild; proof‑of‑concept code and exploit kits have been observed. CVSS v3.1 base score 9.8 (Critical).
Affected Products — Everest Forms Pro plugin for WordPress, all versions up to and including 1.9.12 (≈ 4 000 active installations).
TPRM Impact — Any third‑party organization that relies on the plugin for forms, registrations, or payments faces:
- Potential data exfiltration or ransomware deployment on compromised sites.
- Brand and reputational damage that can cascade to partners and customers.
- Supply‑chain risk if compromised sites host services used by downstream vendors.
Recommended Actions —
- Patch immediately – upgrade to Everest Forms Pro 1.9.13 or later.
- Apply WAF/IPS rules to block the known malicious payloads (e.g., block wp‑admin/admin‑ajax.php calls containing everest_forms).
- Conduct forensic scans of all sites running the plugin to detect backdoors or web‑shells.
- Review plugin inventory – consider removing or replacing Everest Forms Pro where not essential.
- Monitor threat‑intel feeds for indicators of compromise (IoCs) related to CVE‑2026‑3300.
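The two detection-oriented actions above (the admin‑ajax.php/everest_forms rule and the forensic scan for web‑shells) can be turned into a small triage script. The following is an added example written for this page; it is not code from The Hacker News, from the plugin vendor, or from any WAF product. It assumes Apache/nginx "combined" access‑log format, that WordPress keeps user uploads under wp‑content/uploads (where no PHP should ever be served), and uses constructed log lines with made‑up action names and RFC 5737 documentation addresses rather than real Everest Forms traffic.

```python
import re
import tempfile
from pathlib import Path

# Apache/nginx "combined" access-log format; the request line is split into
# method, path-with-query and protocol.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log lines. The addresses are RFC 5737 documentation ranges
# and "everest_forms_demo" is a made-up action name, not a real plugin action.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2026:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=everest_forms_demo HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.7 - - [10/Mar/2026:12:00:02 +0000] "GET /contact/ HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2026:12:00:03 +0000] "GET /wp-content/uploads/2026/03/x.php?cmd=id HTTP/1.1" 200 64 "-" "curl/8.0"
192.0.2.9 - - [10/Mar/2026:12:00:04 +0000] "POST /wp-admin/admin-ajax.php?action=everest_forms_demo HTTP/1.1" 200 128 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2026:12:00:05 +0000] "GET /wp-content/uploads/2026/03/photo.jpg HTTP/1.1" 200 40960 "-" "Mozilla/5.0"
"""

# File extensions that PHP engines commonly execute; anything with one of these
# under the uploads tree is out of place.
SUSPICIOUS_EXT = {".php", ".php5", ".php7", ".phtml", ".phar"}


def parse_log(log_text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            yield rec


def flag_admin_ajax(log_text):
    """The coarse match from the advisory's WAF rule: admin-ajax.php requests whose
    path/query mentions everest_forms. On a site that uses the plugin legitimately
    this also matches ordinary form submissions, so it is a triage signal only."""
    return [r for r in parse_log(log_text)
            if "admin-ajax.php" in r["path"] and "everest_forms" in r["path"]]


def flag_uploads_php(log_text):
    """Requests that execute a PHP file under wp-content/uploads. WordPress does not
    serve PHP from the uploads tree in normal operation, so a 200 here is a strong
    web-shell indicator regardless of which plugin was abused to place the file."""
    return [r for r in parse_log(log_text)
            if "/wp-content/uploads/" in r["path"]
            and re.search(r"\.(php\d?|phtml|phar)(\?|$)", r["path"])]


def correlate(log_text):
    """Client IPs that hit the everest_forms AJAX endpoint and also requested a PHP
    file under uploads: the upload-then-execute pattern worth escalating first."""
    ajax_ips = {r["ip"] for r in flag_admin_ajax(log_text)}
    return sorted({r["ip"] for r in flag_uploads_php(log_text) if r["ip"] in ajax_ips})


def find_php_in_uploads(uploads_root):
    """Filesystem side of the forensic scan: list executable PHP files under the
    uploads tree, returned as paths relative to that tree."""
    root = Path(uploads_root)
    return sorted(str(p.relative_to(root)) for p in root.rglob("*")
                  if p.is_file() and p.suffix.lower() in SUSPICIOUS_EXT)


def demo_uploads_scan():
    """Build a constructed uploads tree in a temporary directory and scan it, so the
    example runs without touching a real site."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "2026" / "03").mkdir(parents=True)
        (root / "2026" / "03" / "photo.jpg").write_bytes(b"\xff\xd8\xff")  # benign media
        (root / "2026" / "03" / "x.php").write_text("<?php echo 'placeholder'; ?>")  # constructed finding
        (root / "2026" / "03" / "notes.txt").write_text("benign")
        return find_php_in_uploads(root)


if __name__ == "__main__":
    for r in flag_admin_ajax(SAMPLE_LOG):
        print("ajax:", r["ip"], r["method"], r["path"], r["status"])
    for r in flag_uploads_php(SAMPLE_LOG):
        print("uploads-php:", r["ip"], r["path"], r["status"])
    print("correlated:", correlate(SAMPLE_LOG))
    print("php under uploads:", demo_uploads_scan())
```

Because the string match on everest_forms also catches legitimate plugin traffic, the AJAX hits are best used to prioritise, not to condemn: the higher-confidence signal is the second check, any request for (or presence of) a PHP file under wp‑content/uploads, and `correlate` joins the two so that a client seen doing both is reviewed first. A production version would stream the real access log and point `find_php_in_uploads` at the site's actual uploads directory.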
Source: The Hacker News