{"id":226521,"date":"2026-06-05T03:10:07","date_gmt":"2026-06-05T07:10:07","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/05\/everest-forms-pro-vulnerability-allows-remote-code-execution\/"},"modified":"2026-06-05T03:10:11","modified_gmt":"2026-06-05T07:10:11","slug":"everest-forms-pro-vulnerability-allows-remote-code-execution","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/05\/everest-forms-pro-vulnerability-allows-remote-code-execution\/","title":{"rendered":"Everest Forms Pro Vulnerability Allows Remote Code Execution"},"content":{"rendered":"<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/everest-forms-pro-rce-actively\/\">Everest Forms Pro Vulnerability Allows Remote Code Execution<\/a><\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/everest-forms-pro-rce-actively\/\">https:\/\/www.infosecurity-magazine.com\/news\/everest-forms-pro-rce-actively\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-04 11:15:12<\/a><\/p>\n<p>Source Domain: <a href=\"www.infosecurity-magazine.com\">www.infosecurity-magazine.com<\/a><\/p>\n<h3>Critical Vulnerability in Everest Forms Pro Plugin<\/h3>\n<p>A severe remote code execution vulnerability, identified as CVE-2026-3300 and rated 9.8 on the CVSS scale, has been exploited to hijack websites using the Everest Forms Pro plugin for WordPress. The flaw impacts every version from the initial release up to version 1.9.12, leaving approximately 4000 sites at risk. The issue stems from the Calculation add-on employing PHP&#8217;s eval() function without proper sanitization, enabling an attacker to execute arbitrary code by manipulating form submissions that include single quotes. The vulnerability was disclosed by a researcher through Wordfence&#8217;s bug bounty program and fixed in version 1.9.13. 
Exploitation efforts have surged, particularly on May 16, with Wordfence blocking over 17,900 attack attempts within a single day. The primary attack registers a rogue administrator account named &#8220;diksimarina,&#8221; sends emails to diksimarina@gmail.com, and originates primarily from the IP address 202.56.2.126.<\/p>\n<h3>Key Points:<\/h3>\n<ul>\n<li>A critical remote code execution vulnerability affects Everest Forms Pro plugin versions up to 1.9.12.<\/li>\n<li>The vulnerability, tracked as CVE-2026-3300, allows unauthenticated users to run malicious PHP code.<\/li>\n<li>Exploitation primarily targets the Calculation add-on&#8217;s &#8220;Complex Calculation&#8221; feature, leading to server code injection.<\/li>\n<li>More than 29,300 exploitation attempts have been blocked by Wordfence&#8217;s firewall since early April.<\/li>\n<li>Urgent action is required for sites using affected plugins to update to the patched version 1.9.13 to prevent compromise.<\/li>\n<\/ul>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Everest Forms Pro Vulnerability Allows Remote Code Execution https:\/\/www.infosecurity-magazine.com\/news\/everest-forms-pro-rce-actively\/ Publish Date: 2026-06-04 11:15:12 Source 
Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":226522,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/assets.infosecurity-magazine.com\/webpage\/og\/7f65392a-3b9e-4f4a-b00a-0927f98a94f7.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[27],"class_list":["post-226521","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/226521"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=226521"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/226521\/revisions"}],"predecessor-version":[{"id":226523,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/226521\/revisions\/226523"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/226522"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=226521"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=226521"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=226521"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}