
Everest Forms Pro CVE-2026-3300 active exploitation wave

Exploitation Wave
Happening score: 52
1 unique source, 1 article

Summary

Active exploitation of CVE-2026-3300 in Everest Forms Pro is driving complete site compromise risk for WordPress sites. Attackers have been using the flaw for arbitrary code execution since April 13, 2026. More than 29,300 exploit attempts have already been blocked, showing sustained exploitation at scale.

Related Happenings

Everest Forms Pro plugin actively exploited RCE (CVE-2026-3300)

Vulnerability
First: 04.06.2026 19:15 Last: 04.06.2026 19:15 Sources 1

How related: The vulnerability in question is CVE-2026-3300 (CVSS score: 9.8), a remote code execution bug impacting all versions of the plugin up to, and including, 1.9.12.

About this happening: **Everest Forms Pro** has an **actively exploited** critical **remote code execution** flaw, **CVE-2026-3300**, that lets unauthenticated attackers run **PHP** and take over **Wor...

Linux kernel XFRM ESP-in-TCP local privilege escalation (CVE-2026-46300)

Vulnerability
First: 14.05.2026 10:06 Last: 14.05.2026 10:06 Sources 1

About this happening: **Fragnesia** adds a fresh **Linux kernel** local privilege-escalation path, putting **unprivileged local attackers** on a route to **root access** across major distributions. The...

Latest development: 14.05.2026 16:00

Cloud security firm Wiz identified Fragnesia (CVE-2026-46300) in the Dirty Frag family, a Linux local privilege escalation that lets unprivileged local users gain root by corrupting the kernel page cache of read-only files. William Bowling of Zellic and the V12 team were credited with the discovery, and a working proof-of-concept exploit was published on May 13, 2026.

MetInfo CMS unauthenticated PHP code injection actively exploited remote code execution flaw (CVE-2026-29014)

Vulnerability
First: 05.05.2026 14:56 Last: 05.05.2026 14:56 Sources 1

About this happening: **CVE-2026-29014** in **MetInfo CMS** is **actively exploited**, putting **versions 7.9, 8.0, and 8.1** at risk of **remote code execution** and full server takeover. **MetInfo**...

TP-Link router authenticated command injection (CVE-2023-33538)

Vulnerability
First: 20.04.2026 10:50 Last: 20.04.2026 10:50 Sources 1

About this happening: **CVE-2023-33538** in **discontinued TP-Link routers** is still being probed, leaving exposed devices at risk of **arbitrary command execution** and **denial of service** if attac...

Cisco IMC password change authentication bypass (CVE-2026-20093)

Vulnerability
First: 02.04.2026 14:01 Last: 02.04.2026 14:01 Sources 1

About this happening: Cisco released **security updates** for **Cisco IMC/CIMC** after a **password-change authentication bypass** was found that lets **unauthenticated attackers** gain **Admin access*...

Timeline

  1. 05.06.2026 11:38 1 article · 14h ago

    Attackers begin exploiting CVE-2026-3300 in Everest Forms Pro

    Exploitation Observed

    Attackers were observed exploiting CVE-2026-3300 in Everest Forms Pro starting April 13, 2026, using crafted string-type form field input through the Complex Calculation feature to execute arbitrary PHP code and enable complete site compromise.

  2. 05.06.2026 11:38 2 articles · 14h ago

    Wordfence details active Everest Forms Pro CVE-2026-3300 exploitation

    Initial Disclosure

    Wordfence reported active exploitation of Everest Forms Pro CVE-2026-3300 on June 5, 2026, saying more than 29,300 exploit attempts had been blocked to date and that attackers commonly tried to create an administrator account named diksimarina with email address [email protected].
