Hackers are actively exploiting a critical bug in the Everest Forms Pro WordPress plugin to seize control of vulnerable websites. The flaw, CVE-2026-3300, affects Everest Forms Pro 1.9.12 and earlier and allows unauthenticated remote code execution through the plugin’s Complex Calculation feature, which unsafely passes form input into PHP eval(). Wordfence says attacks began by April 13 and are creating rogue administrator accounts, including one named “diksimarina.”
Why it matters: Affected WordPress sites can be fully hijacked without a login, allowing attackers to add admin users, install backdoors, and alter site content. Site owners should update immediately, review administrator accounts and logs for suspicious activity, and check for indicators tied to the reported campaign.
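As an added illustration of the administrator-account review recommended above (this is not code from the article, Wordfence, or the plugin), the script below filters a WordPress admin list for accounts registered on or after April 13 or using the login reported in the campaign. The CSV rows are constructed sample data; the wp-cli command in the comment is the assumed source of real input.

```shell
#!/bin/sh
# Added example: review WordPress administrator accounts for ones created since
# the reported exploitation start (2026-04-13) or using the login the campaign
# was seen to create ('diksimarina').
# On a real site, generate the input with (assumed usage of wp-cli):
#   wp user list --role=administrator --fields=ID,user_login,user_registered --format=csv
# The CSV below is constructed sample data, not output from any real site.

SAMPLE_ADMINS='ID,user_login,user_registered
1,siteowner,2021-03-02 10:15:00
7,diksimarina,2026-04-14 03:21:55
9,deploy-bot,2026-04-20 11:02:10
3,editor-jane,2025-11-30 08:00:00'

CAMPAIGN_START=20260413        # YYYYMMDD, the date the article gives
CAMPAIGN_LOGIN="diksimarina"   # rogue admin login reported by Wordfence

# Print one line per admin that matches the reported login or was registered
# on/after the campaign start. Registration dates are ISO (YYYY-MM-DD ...),
# so stripping the dashes from the date part gives a comparable integer.
flag_suspicious_admins() {
    printf '%s\n' "$1" | tail -n +2 | while IFS=, read -r id login registered; do
        day=${registered%% *}
        daynum=$(printf '%s' "$day" | tr -d -)
        reason=""
        if [ "$login" = "$CAMPAIGN_LOGIN" ]; then
            reason="known campaign login"
        fi
        if [ "$daynum" -ge "$CAMPAIGN_START" ]; then
            reason="${reason:+$reason; }registered $registered"
        fi
        if [ -n "$reason" ]; then
            printf 'ID %s login %s: %s\n' "$id" "$login" "$reason"
        fi
    done
}

flag_suspicious_admins "$SAMPLE_ADMINS"
```

Any account the script flags still needs confirmation against change-management records; a legitimately added admin after April 13 will also appear.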
Ionut Arghire
2026.06.08
98% relevant
This article covers the same underlying event and adds detail that exploitation began on April 13, Defiant blocked over 29,000 attempts, the attacks often created an admin account named “diksimarina,” and the bug stems from unsafe handling in the Complex Calculation feature despite a March patch in version 1.9.13.
Bill Toulas
2026.06.06
100% relevant
This article establishes a distinct new story around active exploitation of CVE-2026-3300 in Everest Forms Pro, including affected versions, exploitation details, attacker behavior, and defender guidance.