Last updated: July 5, 2026 at 9:01 AM UTC

Critical Everest Forms WordPress plugin flaw exploited to create rogue admins

Wordfence reports active exploitation of CVE-2026-3300 (CVSS 9.8), a remote code execution flaw in the Everest Forms Pro WordPress plugin (about 4,000 active installations) affecting all versions up to 1.9.12. The Calculation Addon's process_filter() function concatenates user-submitted form-field values into a PHP string and passes it to eval() without proper escaping; sanitize_text_field() does not escape single quotes, so unauthenticated attackers can inject and run arbitrary PHP by submitting a crafted value in any string-type field when a form uses the Complex Calculation feature. Exploitation began April 13; Wordfence has blocked 29,300+ attempts. The common payload creates a rogue admin named 'diksimarina.' Patch 1.9.13 shipped March 18.

Check
Inventory WordPress sites for Everest Forms Pro and confirm version 1.9.13 or later. Audit for a rogue admin named 'diksimarina' and review forms using the Complex Calculation feature.
Affected
Everest Forms Pro versions up to 1.9.12 using the Complex Calculation feature. Unauthenticated attackers inject PHP via any string-type field into an unescaped eval(). Exploited since April 13.
Fix
Upgrade Everest Forms Pro to 1.9.13 immediately. Remove rogue admins (e.g. 'diksimarina'), rotate admin credentials, and audit for web shells. Block the published attacker IPs.
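The inventory and rogue-admin checks above, as an added example (not Wordfence's or the plugin vendor's code): it reads the version from a WordPress plugin header, compares it numerically against 1.9.13 (so 1.9.9 does not sort above 1.9.13 as a string would), and flags the 'diksimarina' account among administrator logins. It assumes the standard WordPress `Version:` header line and that the admin login list is pulled separately (for example from WP-CLI); the plugin header and user list below are constructed sample input.

```python
import re
from typing import Optional

PATCHED_VERSION = "1.9.13"   # fix shipped March 18 (from the advisory)
ROGUE_ADMIN = "diksimarina"   # account the common exploit payload creates

# Constructed sample of a plugin main-file header (not the real file).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Everest Forms Pro
 * Version: 1.9.12
 */
"""

def parse_version(v: str) -> tuple:
    """'1.9.12' -> (1, 9, 12): numeric comparison, not lexical."""
    return tuple(int(p) for p in re.findall(r"\d+", v))

def plugin_version(header_text: str) -> Optional[str]:
    """Pull the 'Version:' value from a WordPress plugin header block."""
    m = re.search(r"^\s*\*?\s*Version:\s*([\w.\-]+)", header_text, re.M)
    return m.group(1) if m else None

def is_vulnerable(version: str) -> bool:
    """All versions up to 1.9.12 are affected; 1.9.13 and later carry the fix."""
    return parse_version(version) < parse_version(PATCHED_VERSION)

def rogue_admins(admin_logins: list) -> list:
    """Return administrator logins matching the known rogue name (case-insensitive)."""
    return [u for u in admin_logins if u.lower() == ROGUE_ADMIN]

def audit_site(header_text: str, admin_logins: list) -> dict:
    """Combine both checks into one finding record for a single site."""
    version = plugin_version(header_text)
    return {
        "version": version,
        "vulnerable": version is not None and is_vulnerable(version),
        "rogue_admins": rogue_admins(admin_logins),
    }

if __name__ == "__main__":
    print(audit_site(SAMPLE_HEADER, ["admin", "diksimarina", "editor"]))
```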