Severe Vulnerability in Everest Forms Pro Plugin Targeted for Exploitation
A critical vulnerability in the Everest Forms Pro plugin for WordPress is being actively exploited in attacks that take over vulnerable websites.
Recent analysis by the cybersecurity firm Wordfence indicates that this remote code execution flaw permits unauthorized attackers to execute PHP commands on compromised servers, effectively seizing control of the affected sites.
The issue, tracked as CVE-2026-3300, carries a CVSS score of 9.8 (critical) and affects all versions up to and including 1.9.12.
Developed by WPEverest, Everest Forms Pro is a commercial form builder with approximately 4,000 active installations.
The vulnerability was initially identified by a researcher known as h0xilo, who reported it through Wordfence’s bug bounty initiative.
WPEverest has since fixed the flaw in version 1.9.13. Websites still running earlier versions remain at considerable risk, and administrators should apply the update immediately.
Failures in Sanitization Enable Code Injection
The crux of the vulnerability lies within the Calculation add-on of the WordPress plugin, which executes calculation formulas via PHP’s eval() function.
Submitted field values are concatenated into that PHP string before it is executed, and the sanitize_text_field() function applied to them does not escape single quotes.
An attacker can therefore submit a value containing a quote, close the surrounding string literal, and append PHP code that eval() then executes.
Only forms that use the “Complex Calculation” feature are affected by this PHP code injection. Several field types, including text, email, URL, select and radio fields, can serve as the injection point.
This sets the stage for an attacker to create unauthorized administrator accounts, deploy webshells, and establish additional footholds within the compromised infrastructure.
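As an added illustration (not code from Everest Forms Pro or Wordfence), the PHP below contrasts the unsafe eval() substitution pattern the article describes with a hardened version that validates every field value as a number and whitelists the final expression before it is evaluated; the function and field names are hypothetical.

```php
<?php
// Added illustration only; function and field names are hypothetical.

// UNSAFE (the pattern described above): submitted values are wrapped in
// single quotes, interpolated into a PHP expression and handed to eval().
// WordPress' sanitize_text_field() strips tags and control characters but
// leaves single quotes intact, so a value containing a quote terminates the
// string literal and whatever follows is parsed as PHP code.
function calculate_unsafe(string $formula, array $fields)
{
    foreach ($fields as $name => $value) {
        $formula = str_replace('{' . $name . '}', "'" . $value . "'", $formula);
    }
    return eval('return ' . $formula . ';'); // never do this with user input
}

// HARDENED: each value must be numeric and is cast to float before
// substitution, and the assembled expression must consist solely of
// arithmetic characters. Nothing that PHP could parse as code reaches eval().
function calculate_hardened(string $formula, array $fields): float
{
    foreach ($fields as $name => $value) {
        if (!is_numeric($value)) {
            throw new InvalidArgumentException("Field '$name' is not numeric");
        }
        $formula = str_replace('{' . $name . '}', (string) (float) $value, $formula);
    }
    // Only digits, decimal points, whitespace, + - * / and parentheses may remain.
    if (!preg_match('/^[0-9.\s+\-*\/()]+$/', $formula)) {
        throw new InvalidArgumentException('Formula contains disallowed characters');
    }
    return (float) eval('return ' . $formula . ';');
}

// Constructed inputs: a normal order total, then a submission carrying a quote.
$formula = '({qty} * {price}) * 1.2';
echo calculate_hardened($formula, ['qty' => '3', 'price' => '19.99']), "\n";

try {
    calculate_hardened($formula, ['qty' => "3' abc", 'price' => '19.99']);
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```

The whitelist deliberately fails closed: a value such as 1e20 is numeric but its float form contains an E, so it is rejected rather than evaluated.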
Emergence of Rogue Admin Accounts and Countermeasures Against Attacks
Wordfence’s telemetry reveals that attacks commenced on April 13, 2026, approximately two weeks following public acknowledgment of the vulnerability. The primary payload of these attacks sought to register an administrator account under the moniker “diksimarina.”
In total, the firm has recorded over 29,300 blocked exploitation attempts. A notable spike occurred on May 16, during which more than 17,900 attempts were thwarted in a single day.
Log Monitoring Recommendations for Defenders
Defenders scrutinizing their logs should be vigilant for the following indicators:
- Administrator account registered as “diksimarina.”
- Email address: [email protected].
- Requests originating from 202.56.2.126, which is the source of over 26,300 blocked attempts.

Flaws that grant attackers administrative privileges continue to pose a recurring challenge for WordPress administrators.
Source link: Infosecurity-magazine.com.