Hackers are actively exploiting CVE-2026-3300 in the Everest Forms Pro plugin to gain unauthenticated code execution and create rogue administrator accounts on WordPress sites. Wordfence says attacks began on April 13, with more than 29,300 blocked attempts and indicators tied to IPs 202.56.2[.]126 and 209.146.60[.]26. #CVE-2026-3300 #EverestFormsPro #Wordfence #diksimarina
Key points
- CVE-2026-3300 affects Everest Forms Pro version 1.9.12 and earlier.
- The flaw allows unauthenticated arbitrary code execution on WordPress servers.
- The issue is in the Complex Calculation feature that passes input into PHP eval().
- Attackers are using the flaw to create rogue administrator accounts.
- Wordfence recommends blocking the malicious IPs and checking for suspicious admin accounts, including "diksimarina".
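The last point is the check a site owner actually runs. The script below is an added example, not code from Wordfence or the Everest Forms project: it takes the administrator list that WP-CLI exports (`wp user list --role=administrator --fields=ID,user_login,user_email,user_registered --format=csv`) and flags the username Wordfence named plus any administrator registered on or after the April 13 start of the campaign. It assumes WP-CLI is available on the site, that the CSV columns arrive in the order listed, and that no login or e-mail contains a comma; the sample rows are constructed for the demo.

```shell
#!/bin/sh
# Added example: audit WordPress administrator accounts after CVE-2026-3300.
# Not Wordfence's or the plugin's code; assumptions are noted inline.

EXPLOIT_START="2026-04-13"   # date Wordfence reports the attacks began
KNOWN_ROGUE="diksimarina"    # rogue admin username named in the report

# audit_admins: read the WP-CLI CSV export on stdin and print one line per
# suspicious administrator, prefixed with the reason it was flagged.
# Assumes columns ID,user_login,user_email,user_registered and that
# user_registered is "YYYY-MM-DD HH:MM:SS" (WordPress's stored format), so a
# lexical comparison of the first 10 characters orders dates correctly.
audit_admins() {
    awk -F, -v start="$EXPLOIT_START" -v rogue="$KNOWN_ROGUE" '
        NR == 1 { next }                          # skip the CSV header row
        {
            id = $1; login = $2; email = $3
            registered = substr($4, 1, 10)        # keep the date part only
            if (login == rogue)
                print "KNOWN_ROGUE " id " " login " " email " " registered
            else if (registered >= start)
                print "CREATED_SINCE_" start " " id " " login " " email " " registered
        }'
}

# check_site_admins: wrapper that returns 1 when anything was flagged, so it
# can gate a cron job or a CI step. Reads the same CSV on stdin.
check_site_admins() {
    hits=$(audit_admins)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    echo "no suspicious administrator accounts"
    return 0
}

# Constructed sample export (not real site data) in the WP-CLI CSV layout.
SAMPLE_CSV='ID,user_login,user_email,user_registered
1,siteowner,owner@example.com,2021-03-02 10:15:00
7,editorjane,jane@example.com,2025-11-20 08:00:00
42,diksimarina,x@example.net,2026-04-14 03:21:45
43,wp_support,s@example.net,2026-04-15 11:02:10'

# Stand-alone demo on the sample. On a live site replace the printf with:
#   wp user list --role=administrator \
#       --fields=ID,user_login,user_email,user_registered --format=csv
printf '%s\n' "$SAMPLE_CSV" | audit_admins
```

A hit on the date rule is not proof of compromise on its own (a legitimate admin may have been created in that window), which is why the two reasons are printed separately: a `KNOWN_ROGUE` line is the indicator Wordfence published, while a `CREATED_SINCE_` line is a lead to confirm against the site's change history before the account is removed.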