    Popular WordPress Plugin Has Security Flaw That Lets Hackers Take Over Websites

    A widely used contact form plugin for WordPress websites has a critical flaw. Hackers are already exploiting it to take control of sites.

    Source: The Hacker News

    Original headline: Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites

    Plain-English summary by GetCyberRight. Read the full report at the source above.

    Published Friday, June 5, 2026. Updated Friday, June 5, 2026.

    A serious security flaw has been discovered in Everest Forms Pro, a popular plugin used on WordPress websites to create contact forms and surveys. The plugin is installed on approximately 4,000 websites. Hackers have already started exploiting this vulnerability to take complete control of affected websites.

    The flaw allows attackers to execute their own code on vulnerable sites remotely. If you run a WordPress website and use Everest Forms Pro for your contact forms or surveys, your site may be at risk. All versions of the plugin up to and including version 1.9.12 are vulnerable. Hackers exploiting this flaw can gain complete control of your website, potentially stealing customer information, defacing your site, or using it to attack others.

    You need to take action immediately if you use this plugin. First, log into your WordPress dashboard right now. Second, go to your plugins section and check if you have Everest Forms Pro installed. Third, if you do have it, update it immediately to the latest version, which should be newer than 1.9.1. Fourth, if an update is not available yet, consider temporarily deactivating the plugin until a patch is released. Fifth, check your website for any unusual changes or new administrator accounts you did not create.

    Going forward, make updating your WordPress plugins a regular habit. Set aside time each week to check for updates to your WordPress core software, themes, and all plugins. Consider enabling automatic updates for plugins when possible. Only install plugins from reputable sources with good reviews and regular updates. The longer you wait to update, the more time hackers have to exploit known vulnerabilities.
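
The version check and administrator-account review from the steps above, scripted with WP-CLI as an added example (not from the article or its source). The plugin slug `everest-forms-pro` and the `SINCE` cutoff date are assumptions; the 1.9.12 threshold is the one stated above.

```shell
#!/bin/sh
# Added example, not from the article. Assumed: plugin slug and cutoff date.
PLUGIN_SLUG="everest-forms-pro"   # assumed plugin directory name
LAST_VULNERABLE="1.9.12"          # article: vulnerable up to and including this
SINCE="${SINCE:-2026-01-01}"      # constructed cutoff for "new" admin accounts

# version_le A B: true when dotted numeric version A <= B.
# Fields are compared as numbers, so 1.9.12 > 1.9.2 (a text compare gets this wrong).
version_le() {
  local a="$1" b="$2" x y
  while [ -n "$a" ] || [ -n "$b" ]; do
    x="${a%%.*}"; y="${b%%.*}"
    case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
    case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
    if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
  done
  return 0
}

# classify_version V: prints "vulnerable" or "newer" relative to LAST_VULNERABLE.
classify_version() {
  if version_le "$1" "$LAST_VULNERABLE"; then echo vulnerable; else echo newer; fi
}

# admins_since DATE: reads "user_login,user_registered" CSV (with header) on stdin
# and prints logins registered on or after DATE. CSV quotes are stripped first;
# YYYY-MM-DD timestamps sort correctly as text.
admins_since() {
  awk -F, -v since="$1" 'NR > 1 { gsub(/"/, ""); if ($2 >= since) print $1 }'
}

# Live check, only when WP-CLI is present; run from the WordPress root directory.
if command -v wp >/dev/null 2>&1; then
  ver="$(wp plugin get "$PLUGIN_SLUG" --field=version 2>/dev/null)" || ver=""
  if [ -z "$ver" ]; then
    echo "$PLUGIN_SLUG not installed (or not a WordPress directory)"
  else
    echo "$PLUGIN_SLUG $ver: $(classify_version "$ver")"
  fi
  wp user list --role=administrator --fields=user_login,user_registered \
    --format=csv 2>/dev/null | admins_since "$SINCE"
fi
```

Any login it prints is an administrator created on or after the cutoff; compare that list against the accounts you know you created.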
