Everest Forms Pro plugin patch for CVE-2026-3300

Security Patch Release

Summary

The Everest Forms developer released a patch for CVE-2026-3300 in Everest Forms Pro on March 18, closing an unauthenticated arbitrary code execution flaw affecting versions 1.9.12 and earlier. The update matters because the vulnerable plugin could let attackers gain complete control of WordPress sites before administrators apply the fix.

Related Happenings

Everest Forms Pro CVE-2026-3300 active exploitation wave

Exploitation Wave
First: 05.06.2026 11:38 Last: 05.06.2026 11:38 Sources 1

How related: According to Wordfence data, active exploitation started on April 13, with the firewall blocking over 29,300 attempts.

About this happening: Active exploitation of **CVE-2026-3300** in **Everest Forms Pro** is driving **complete site compromise** risk for WordPress sites. Attackers have been using the flaw for arbitrar...

The vendor security patch release for CVE-2026-8206

Security Patch Release
First: 03.06.2026 01:12 Last: 03.06.2026 01:12 Sources 1

About this happening: **Kirki - Freeform Page Builder, Website Builder & Customizer** shipped **version 6.0.7** to fix **CVE-2026-8206**, a privilege-escalation flaw that could let attackers take over...

WP Maps Pro 6.1.1 security patch for CVE-2026-8732

Security Patch Release
First: 31.05.2026 17:06 Last: 31.05.2026 17:06 Sources 1

About this happening: **WP Maps Pro 6.1.1** was released to fix **CVE-2026-8732**, giving WordPress administrators a patch for a flaw that enabled **unauthenticated administrator-account creation**. Th...

Avada Builder 3.15.3 patch release (CVE-2026-4782, CVE-2026-4798)

Security Patch Release
First: 15.05.2026 18:56 Last: 15.05.2026 18:56 Sources 1

About this happening: **Avada Builder** shipped **version 3.15.3** as the full fix for **CVE-2026-4782** and **CVE-2026-4798**, closing the plugin flaws that could expose files and database data. A pri...

cPanel security patch release for CVE-2026-29201

Security Patch Release
First: 09.05.2026 10:16 Last: 09.05.2026 10:16 Sources 1

About this happening: **cPanel** released updates for **cPanel and Web Host Manager (WHM)** to fix **three vulnerabilities** that could enable **privilege escalation**, **code execution**, or **denial-...

Timeline

  1. 06.06.2026 17:09 · 2 articles

    Everest Forms developer patches CVE-2026-3300 in Everest Forms Pro

    Mitigation Patch Update

    The Everest Forms developer releases a patch for CVE-2026-3300 in Everest Forms Pro on March 18, closing an unauthenticated arbitrary code execution flaw in versions 1.9.12 and earlier that can be triggered through the plugin’s Complex Calculation feature.

  2. 06.06.2026 17:09 · 1 article

    Attackers exploit CVE-2026-3300 to create rogue WordPress administrator accounts

    Exploitation Observed

    On April 13, Wordfence telemetry shows active exploitation of CVE-2026-3300 against WordPress sites using Everest Forms Pro, with more than 29,300 blocked attempts and injected PHP code creating rogue administrator accounts such as 'diksimarina'.

  3. 06.06.2026 17:09 · 1 article

    Wordfence publishes indicators for CVE-2026-3300 exploitation in Everest Forms Pro

    Detection IoC Update

    Wordfence publishes attacker indicators for CVE-2026-3300, saying exploitation attempts originate primarily from 202.56.2[.]126 and 209.146.60[.]26 and advising defenders to block them and review administrator accounts and logs for suspicious activity, especially entries containing 'diksimarina'.