WordPress Sites Using Everest Forms Pro Plugin Are Being Hacked

Hackers are actively breaking into WordPress websites through a serious security flaw in a plugin called Everest Forms Pro. This plugin helps website owners create contact forms, registration forms, and other types of forms on their sites. The vulnerability, tracked as CVE-2026-3300 (an industry tracking number for this software flaw), allows hackers to take complete control of affected websites. This matters if you run a WordPress website that uses the Everest Forms Pro plugin. If your site has this plugin installed and you haven't updated it recently, hackers could take over your entire website. They could steal customer information, delete your content, redirect visitors to dangerous sites, or use your website to spread malware to your visitors.

If you have a WordPress website, you need to do this immediately:

1. Log into your WordPress admin panel.
2. Go to Plugins and look for Everest Forms Pro in your list of installed plugins.
3. If you have it, update it to the latest version right away.
4. If you are not sure how to do this, contact whoever helps you manage your website and ask them to check and update immediately.
5. After updating, review your website's users list and remove any accounts you don't recognize. For long term website security, always keep WordPress and all your plugins updated. Set aside time once a week to check for updates, or hire someone to monitor your site's security. Consider using a security plugin that alerts you to vulnerabilities. If you run a business website or collect any customer information, regular security checks are not optional. They protect both you and the people who trust your site.