Essential Insights
- Exploitation of CVE-2026-3300 in Everest Forms Pro allows unauthenticated attackers to execute arbitrary PHP code, enabling site takeover and creation of malicious admin accounts.
- Attackers are using skimming malware that abuses trusted services like Stripe and Google Tag Manager to covertly exfiltrate stolen card data from e-commerce platforms.
- A large-scale, ongoing campaign impersonates major brands via fake storefronts, utilizing WebSocket exfiltration and real-time 3DS challenge relaying to steal payment information undetected.
Threat Overview, Attack Techniques, and Targets
Threat actors are actively exploiting a critical vulnerability in the Everest Forms Pro plugin for WordPress. The flaw is tracked as CVE-2026-3300 and carries a CVSS score of 9.8 (critical); all versions up to 1.9.12 are affected. The attack injects malicious PHP code into the site by submitting specially crafted form data that the process_filter() function of the plugin’s Calculation Addon mishandles.
Once the malicious code is injected, attackers can execute it remotely. This allows them to take control of the website. Their goal is to create rogue administrator accounts, install web shells, and gain persistent access. The targeted sites are WordPress-based and use Everest Forms Pro for handling forms. The attacks have been ongoing since April 13, 2026. Efforts to exploit the flaw have been frequent, with over 29,300 blocked attempts. Most of these attempts focus on creating a new administrator account named "diksimarina."
Impact, Security Implications, and Remediation Guidance
The impact of this vulnerability is serious. Successful exploitation can let attackers execute arbitrary PHP code on the server. This means they can potentially take full control of the website. They could add new admin accounts, install malicious software, or access sensitive data. The security implication is that compromised websites become a stepping stone for further attacks or data theft.
According to security reports, a patch for this flaw was released on March 18, 2026, in version 1.9.13 of the plugin. Users are strongly advised to update to this version or later. Given the severity and active exploitation, quick action is necessary to reduce risk. If you need detailed remediation steps, you should consult the vendor or trusted cybersecurity authorities for specific guidance.
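Two checks a site owner can run against the facts reported above: whether the installed Everest Forms Pro version predates the fixed release 1.9.13, and whether any administrator account was created on or after the campaign start date, including the reported account name "diksimarina". This is an added example written for this page, not code from the plugin vendor or from the reports cited; the plugin header text and the user records are constructed samples, and the simplified `role` field stands in for the serialized capabilities WordPress actually stores in usermeta.

```python
"""Defensive triage for CVE-2026-3300 (Everest Forms Pro).

Check 1: compare the plugin's header "Version:" field against the first fixed
         release, 1.9.13 (all versions up to 1.9.12 are affected).
Check 2: flag administrator accounts created on or after 2026-04-13 (the date
         the campaign began) and any account using the reported rogue name.
All sample data below is constructed for illustration.
"""
import re
from datetime import date, datetime

FIXED_VERSION = (1, 9, 13)          # first release containing the patch
CAMPAIGN_START = date(2026, 4, 13)  # start of observed exploitation
KNOWN_ROGUE_USERS = {"diksimarina"}  # admin name reported in the attempts

# Constructed sample: the comment header WordPress reads from a plugin's main file
SAMPLE_HEADER = """/**
 * Plugin Name: Everest Forms Pro
 * Version: 1.9.12
 */
"""

# Constructed sample rows shaped like wp_users, with a simplified role column
SAMPLE_USERS = [
    {"user_login": "siteowner",   "user_registered": "2023-06-01 10:00:00", "role": "administrator"},
    {"user_login": "editor_jane", "user_registered": "2026-04-20 09:00:00", "role": "editor"},
    {"user_login": "diksimarina", "user_registered": "2026-04-14 03:12:55", "role": "administrator"},
    {"user_login": "newadmin",    "user_registered": "2026-04-15 01:00:00", "role": "administrator"},
]


def parse_version(text):
    """Turn '1.9.12' (or '1.9.12-beta') into a comparable tuple (1, 9, 12)."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def plugin_version_from_header(header_text):
    """Extract the 'Version:' field from a WordPress plugin file header."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", header_text, re.MULTILINE)
    return m.group(1) if m else None


def is_vulnerable_version(version_text):
    """True when the installed version predates the fixed release 1.9.13."""
    return parse_version(version_text) < FIXED_VERSION


def find_suspicious_admins(users, campaign_start=CAMPAIGN_START):
    """Return {login: [reasons]} for administrator accounts worth reviewing."""
    findings = {}
    for u in users:
        if u["role"] != "administrator":
            continue
        reasons = []
        registered = datetime.strptime(u["user_registered"], "%Y-%m-%d %H:%M:%S").date()
        if registered >= campaign_start:
            reasons.append(f"admin created {registered} (on/after campaign start)")
        if u["user_login"] in KNOWN_ROGUE_USERS:
            reasons.append("login matches reported rogue account name")
        if reasons:
            findings[u["user_login"]] = reasons
    return findings


if __name__ == "__main__":
    installed = plugin_version_from_header(SAMPLE_HEADER)
    status = "VULNERABLE, update to 1.9.13+" if is_vulnerable_version(installed) else "patched"
    print(f"Everest Forms Pro {installed}: {status}")
    for login, reasons in find_suspicious_admins(SAMPLE_USERS).items():
        print(f"review account '{login}': {'; '.join(reasons)}")
```

On a live site the header would come from the plugin's main file under wp-content/plugins/ and the user rows from wp_users joined with the capabilities meta; a flagged account is a lead for review, not proof of compromise, so confirm it against deployment records before removing it.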