SecurityBleepingComputerabout 9 hours ago

Everest Forms Pro flaw exploited to hijack WordPress sites

1 min read

Hackers are actively exploiting CVE-2026-3300 in Everest Forms Pro versions 1.9.12 and earlier to take over WordPress sites without authentication. The vulnerability resides in the Complex Calculation feature, which passes user input through sanitize_text_field but fails to escape single quotes, allowing PHP code injection via eval. Attackers inject code that calls wp_insert_user to create rogue admin accounts like 'diksimarina'.

Level

Hype check

Tap to vote and see what everyone thinks.

#wordpress #security #cve

Read full story

More to chew on!

AIabout 4 hours ago

Meta notifies 20,225 of Instagram account hijacks

Securityabout 14 hours ago

CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog