WordPress Site Owners: Update Everest Forms Plugin Immediately to Prevent Hacking

A serious security vulnerability in Everest Forms, a plugin used by WordPress websites to create contact forms and surveys, has been actively exploited by hackers. The flaw allows attackers to remotely take control of websites without needing any login credentials. This exploitation has been happening in the wild for two months. If you run a WordPress website and use the Everest Forms plugin, your site could be vulnerable or may have already been compromised. Attackers can use this flaw to inject malicious code, steal visitor information, redirect users to harmful websites, or completely take over your site.

Even if you only use your site for a small business, family blog, or community organization, it can be targeted.

Here is what you need to do right now:

1. Log into your WordPress dashboard immediately.
2. Go to Plugins and look for Everest Forms.
3. Update the plugin to the latest version. If an update is available, install it immediately.
4. If you cannot update right away, deactivate and delete the Everest Forms plugin until you can safely update it.
5. Check your website for any unusual pages, posts, or user accounts you did not create.
6. Consider having a web professional review your site if you are unsure whether it was compromised. Going forward, make updating your WordPress plugins a regular habit. Set a monthly reminder to check for updates, or enable automatic updates for plugins when possible. Most WordPress hacks happen because of outdated plugins, not because of sophisticated attacks. Keeping everything current is your best defense against these types of threats.