Hackers are actively exploiting a critical flaw in the Everest Forms Pro WordPress plugin that can allow remote code execution on vulnerable sites. The issue is tracked as CVE-2026-3300 and affects versions up to 1.9.12.

According to Wordfence, the bug comes from the plugin’s calculation feature, where user-submitted form values could be inserted into PHP code and passed to eval() without proper escaping. That basically means a form field can become a code execution path if the site is vulnerable.

This is the boring side of web security that keeps causing real damage. A normal business website adds a popular plugin for contact forms, quotes, registrations, or lead capture, and suddenly that plugin becomes the easiest path to full site compromise.

If you run WordPress, plugin updates are not optional maintenance. They are part of security.

Source - https://thehackernews.com/2026/06/hackers-exploit-critical-everest-forms.html

submitted by /u/sunychoudhary
Originally posted by u/sunychoudhary on r/ArtificialInteligence
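
The bug class described in the post (form values spliced into PHP source and handed to eval()) disappears when a calculation treats submitted values as data. The sketch below is an added example, not code from the post, Wordfence or the plugin: a small arithmetic evaluator in which the `{field}` placeholder syntax, the function names and the sample submissions are all assumptions.

```php
<?php
// Added example (PHP 8+): hypothetical helper, not Everest Forms code. Binary + - * / and parentheses only.

function calc_tokenize(string $formula, array $fields): array {
    // Anything other than numbers, {field} names, operators and parentheses fails the round-trip check.
    preg_match_all('/\d+(?:\.\d+)?|\{\w+\}|[-+*\/()]/', $formula, $m);
    if (implode('', $m[0]) !== preg_replace('/\s+/', '', $formula)) throw new InvalidArgumentException('Bad formula');
    $tokens = [];
    foreach ($m[0] as $tok) {
        if ($tok[0] === '{') {
            $raw = $fields[substr($tok, 1, -1)] ?? null;
            // Submitted values must be plain decimal strings; they become floats, never source text.
            if (!is_string($raw) || !preg_match('/^-?\d+(?:\.\d+)?$/D', $raw)) throw new InvalidArgumentException("Field $tok is not numeric");
            $tok = (float) $raw;
        }
        $tokens[] = is_numeric($tok) ? (float) $tok : $tok;
    }
    return $tokens;
}

function calc_parse(array &$t, int $minPrec = 1): float {
    $prec = ['+' => 1, '-' => 1, '*' => 2, '/' => 2];
    $tok = array_shift($t);
    if ($tok === '(') {
        $lhs = calc_parse($t);
        if (array_shift($t) !== ')') throw new InvalidArgumentException('Missing )');
    } elseif (is_float($tok)) {
        $lhs = $tok;
    } else {
        throw new InvalidArgumentException('Malformed formula');
    }
    // Precedence climbing: consume operators at or above the current binding level.
    while ($t && is_string($t[0]) && ($prec[$t[0]] ?? 0) >= $minPrec) {
        $op = array_shift($t);
        $rhs = calc_parse($t, $prec[$op] + 1);
        if ($op === '/' && $rhs == 0.0) throw new InvalidArgumentException('Division by zero');
        $lhs = match ($op) { '+' => $lhs + $rhs, '-' => $lhs - $rhs, '*' => $lhs * $rhs, '/' => $lhs / $rhs };
    }
    return $lhs;
}

function safe_calculate(string $formula, array $fields): float {
    $tokens = calc_tokenize($formula, $fields);
    $value = calc_parse($tokens);
    if ($tokens) throw new InvalidArgumentException('Trailing tokens');
    return $value;
}
foreach (['3', '3; text'] as $qty) { // constructed submissions: one numeric, one not
    try { var_dump(safe_calculate('{qty} * 19.5 + 5', ['qty' => $qty])); }
    catch (InvalidArgumentException $e) { echo 'rejected: ', $e->getMessage(), PHP_EOL; }
}
```

Array-valued or missing fields are rejected by the same `is_string` check, so a request that sends `qty[]=...` never reaches the parser.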
