Find notable cyber news and cases, enriched with sources, timelines, and signals.

Everest Forms Pro plugin actively exploited RCE (CVE-2026-3300)

Vulnerability
First reported
Last updated
Happening score
H score 87
3 unique sources, 3 articles

Summary

Hide ▲

Everest Forms Pro has an actively exploited critical remote code execution flaw, CVE-2026-3300, that lets unauthenticated attackers run PHP and take over WordPress sites. The bug affects versions through 1.9.12, and WPEverest fixed it in 1.9.13 on March 18, 2026. Wordfence says abuse began on April 13, 2026, and its firewall has blocked more than 29,300 exploit attempts so far.

Cases

Related Happenings

ShapedPlugin hit by network compromise

Incident
H score19 First: 18.06.2026 15:55 Last: 18.06.2026 15:55 Sources 1

About this happening: ShapedPlugin suffered a supply-chain compromise that pushed infected WordPress plugin releases to paying customers through the vendor's official update system, put...

Everest Forms Pro CVE-2026-3300 active exploitation wave

Exploitation Wave
H score87 First: 05.06.2026 11:38 Last: 05.06.2026 11:38 Sources 1

How related: According to Wordfence data, active exploitation started on April 13, with the firewall blocking over 29,300 attempts.

About this happening: Active exploitation of CVE-2026-3300 in Everest Forms Pro is driving complete site compromise risk for WordPress sites. Attackers have been using the flaw for arbitrar...

CISA KEV multi-product active exploitation wave (CVE-2020-7796)

Exploitation Wave
H score53 First: 18.02.2026 08:52 Last: 18.02.2026 08:52 Sources 1

About this happening: CISA expanded its KEV catalog with four actively exploited flaws, signaling a live exploitation wave across Chrome, TeamT5 ThreatSonar, Zimbra, and Windows Video Act...

CISA SmarterMail remediation guidance for CVE-2026-24423

Advisory/Mitigation
H score86 First: 06.02.2026 19:16 Last: 06.02.2026 19:16 Sources 1

About this happening: SmarterMail is at the center of a CVE-2026-24423 remediation and exploitation wave: the flaw enables unauthenticated remote code execution in versions prior to Build...

WordPress plugin exploitation wave (GutenKit and Hunk Companion)

Exploitation Wave
H score55 First: 24.10.2025 22:28 Last: 24.10.2025 22:28 Sources 1

About this happening: WordPress sites are facing a broad exploitation wave against GutenKit and Hunk Companion plugin flaws, with Wordfence blocking 8.7 million attack attempts...

Timeline

  1. 04.06.2026 19:15 2 articles · 1mo ago

    Everest Forms Pro attackers begin exploiting CVE-2026-3300

    Exploitation Observed

    Wordfence telemetry shows unauthenticated attackers began exploiting CVE-2026-3300 against Everest Forms Pro WordPress sites on April 13, 2026, using the plugin's Complex Calculation feature to reach PHP eval() and potentially create rogue administrator accounts or plant webshells.

    Show sources
  2. 04.06.2026 19:15 2 articles · 1mo ago

    Wordfence blocks 17,900 Everest Forms Pro exploit attempts in a May 16 surge

    Detection Ioc Update

    Wordfence said its firewall blocked more than 29,300 exploit attempts against Everest Forms Pro, and a surge on May 16, 2026 accounted for over 17,900 blocked attempts in a single day.

    Show sources
  3. 04.06.2026 19:15 2 articles · 1mo ago

    Wordfence discloses active exploitation of Everest Forms Pro CVE-2026-3300

    Initial Disclosure

    Wordfence disclosed that Everest Forms Pro for WordPress has a critical remote code execution flaw tracked as CVE-2026-3300, rated 9.8 on the CVSS scale and affecting releases through 1.9.12; WPEverest fixed the bug in 1.9.13, and administrators were urged to update affected sites without delay.

    Show sources