Post
CRITICAL ⚡ MUST-KNOW

CVE-2026-3300: Critical Everest Forms Pro Flaw Actively Exploited for WordPress Takeover

· cve · vulnerability · rce · zero-day

Threat actors are actively exploiting CVE-2026-3300, a critical vulnerability in the Everest Forms Pro WordPress plugin, to achieve full site takeover. The flaw allows unauthenticated attackers to completely compromise a vulnerable WordPress installation.

Everest Forms Pro is widely deployed across WordPress sites. Site administrators should apply the vendor patch immediately or deactivate the plugin until the update can be applied. Hosting providers running managed WordPress environments should check for indicators of compromise across their customer base.