Everest Forms Pro plugin actively exploited RCE (CVE-2026-3300)
Vulnerability
Summary
Hide ▲
Show ▼
Everest Forms Pro has an actively exploited critical remote code execution flaw, CVE-2026-3300, that lets unauthenticated attackers run PHP and take over WordPress sites. The bug affects versions through 1.9.12, and WPEverest fixed it in 1.9.13 on March 18, 2026. Wordfence says abuse began on April 13, 2026, and its firewall has blocked more than 29,300 exploit attempts so far.
Cases
Related Happenings
ShapedPlugin hit by network compromise
Incident
H score19
First: 18.06.2026 15:55
Last: 18.06.2026 15:55
Sources 1
About this happening:
ShapedPlugin suffered a supply-chain compromise that pushed infected WordPress plugin releases to paying customers through the vendor's official update system, put...
ShapedPlugin hit by network compromise
IncidentAbout this happening: ShapedPlugin suffered a supply-chain compromise that pushed infected WordPress plugin releases to paying customers through the vendor's official update system, put...
Everest Forms Pro CVE-2026-3300 active exploitation wave
Exploitation Wave
H score87
First: 05.06.2026 11:38
Last: 05.06.2026 11:38
Sources 1
How related:
According to Wordfence data, active exploitation started on April 13, with the firewall blocking over 29,300 attempts.
About this happening:
Active exploitation of CVE-2026-3300 in Everest Forms Pro is driving complete site compromise risk for WordPress sites. Attackers have been using the flaw for arbitrar...
Everest Forms Pro CVE-2026-3300 active exploitation wave
Exploitation WaveHow related: According to Wordfence data, active exploitation started on April 13, with the firewall blocking over 29,300 attempts.
About this happening: Active exploitation of CVE-2026-3300 in Everest Forms Pro is driving complete site compromise risk for WordPress sites. Attackers have been using the flaw for arbitrar...
CISA KEV multi-product active exploitation wave (CVE-2020-7796)
Exploitation Wave
H score53
First: 18.02.2026 08:52
Last: 18.02.2026 08:52
Sources 1
About this happening:
CISA expanded its KEV catalog with four actively exploited flaws, signaling a live exploitation wave across Chrome, TeamT5 ThreatSonar, Zimbra, and Windows Video Act...
CISA KEV multi-product active exploitation wave (CVE-2020-7796)
Exploitation WaveAbout this happening: CISA expanded its KEV catalog with four actively exploited flaws, signaling a live exploitation wave across Chrome, TeamT5 ThreatSonar, Zimbra, and Windows Video Act...
CISA SmarterMail remediation guidance for CVE-2026-24423
Advisory/Mitigation
H score86
First: 06.02.2026 19:16
Last: 06.02.2026 19:16
Sources 1
About this happening:
SmarterMail is at the center of a CVE-2026-24423 remediation and exploitation wave: the flaw enables unauthenticated remote code execution in versions prior to Build...
CISA SmarterMail remediation guidance for CVE-2026-24423
Advisory/MitigationAbout this happening: SmarterMail is at the center of a CVE-2026-24423 remediation and exploitation wave: the flaw enables unauthenticated remote code execution in versions prior to Build...
WordPress plugin exploitation wave (GutenKit and Hunk Companion)
Exploitation Wave
H score55
First: 24.10.2025 22:28
Last: 24.10.2025 22:28
Sources 1
About this happening:
WordPress sites are facing a broad exploitation wave against GutenKit and Hunk Companion plugin flaws, with Wordfence blocking 8.7 million attack attempts...
WordPress plugin exploitation wave (GutenKit and Hunk Companion)
Exploitation WaveAbout this happening: WordPress sites are facing a broad exploitation wave against GutenKit and Hunk Companion plugin flaws, with Wordfence blocking 8.7 million attack attempts...
Timeline
-
04.06.2026 19:15 2 articles · 1mo ago
Everest Forms Pro attackers begin exploiting CVE-2026-3300
Exploitation ObservedWordfence telemetry shows unauthenticated attackers began exploiting CVE-2026-3300 against Everest Forms Pro WordPress sites on April 13, 2026, using the plugin's Complex Calculation feature to reach PHP eval() and potentially create rogue administrator accounts or plant webshells.
Show sources
- Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites — www.infosecurity-magazine.com — 04.06.2026 19:15
- Critical Everest Forms Pro flaw exploited to take over WordPress sites — www.bleepingcomputer.com — 06.06.2026 17:09
-
04.06.2026 19:15 2 articles · 1mo ago
Wordfence blocks 17,900 Everest Forms Pro exploit attempts in a May 16 surge
Detection Ioc UpdateWordfence said its firewall blocked more than 29,300 exploit attempts against Everest Forms Pro, and a surge on May 16, 2026 accounted for over 17,900 blocked attempts in a single day.
Show sources
- Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites — www.infosecurity-magazine.com — 04.06.2026 19:15
- Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites — thehackernews.com — 05.06.2026 11:38
-
04.06.2026 19:15 2 articles · 1mo ago
Wordfence discloses active exploitation of Everest Forms Pro CVE-2026-3300
Initial DisclosureWordfence disclosed that Everest Forms Pro for WordPress has a critical remote code execution flaw tracked as CVE-2026-3300, rated 9.8 on the CVSS scale and affecting releases through 1.9.12; WPEverest fixed the bug in 1.9.13, and administrators were urged to update affected sites without delay.
Show sources
- Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites — www.infosecurity-magazine.com — 04.06.2026 19:15
- Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites — www.infosecurity-magazine.com — 04.06.2026 19:15