    WordPress Website Owners: Update Your Forms Plugin Immediately

    Hackers are actively breaking into websites using a plugin called Everest Forms Pro. If you run a WordPress site with this plugin, you need to update now.

    Source

    The Hacker News

    Original headline: Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites

    Plain-English summary by GetCyberRight. Read the full report at the source above.

    Published Friday, June 5, 2026. Updated Friday, June 5, 2026.

    Hackers are currently attacking websites that use a WordPress plugin called Everest Forms Pro. This plugin helps website owners create contact forms, registration forms, and other types of forms on their sites. A critical security flaw in the plugin allows hackers to take complete control of affected websites. About 4,000 websites currently use this plugin. If you run a WordPress website and use Everest Forms Pro for any of your forms, your entire website could be compromised.

    Hackers can use this flaw to execute their own code on your site, which means they can steal customer information, deface your website, install malware, or use your site to attack others. The vulnerability affects all versions of the plugin up to and including version 1.9.

    You need to take action immediately if you use this plugin.

    First, log into your WordPress dashboard right now. Go to the Plugins section and look for Everest Forms Pro. If you see it listed, check the version number. If it is version 1.9.12 or lower, update it immediately to the latest version. The company has released a patch that fixes this security hole. If you cannot update right away, disable the plugin temporarily until you can install the update.

    Second, after updating, review your website carefully for any suspicious changes or new administrator accounts you do not recognize. If you find anything unusual, contact a WordPress security professional immediately.

    For long-term protection, always keep your WordPress plugins updated. Enable automatic updates if possible, or set a weekly reminder to check for updates manually. Only install plugins from reputable developers with good reviews and recent update histories. Remove any plugins you are not actively using, as each plugin represents a potential security risk. Consider using a WordPress security plugin that monitors for vulnerabilities and suspicious activity on your site.
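If you have file access to the server, or several sites to check, the version check from the first step can be run directly against the plugins folder. This is an added example, not code from the article or the plugin's developer; it assumes the standard WordPress plugin file header and a `wp-content/plugins` path, and the sample header in it is constructed.

```python
import re
import sys
from pathlib import Path

PLUGIN_NAME = "Everest Forms Pro"  # plugin name as given in the article
LAST_AFFECTED = "1.9.12"           # article: update if 1.9.12 or lower

# Standard WordPress plugin header fields, read from the main file's comment.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$",
                       re.M | re.I)

# Constructed sample header; the version number is illustrative only.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Everest Forms Pro
 * Version: 1.9.10
 */
"""

def parse_header(php_source):
    """Return lower-cased header fields from a plugin's main PHP file."""
    fields = {}
    for key, value in HEADER_RE.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value.strip())
    return fields

def version_tuple(version, width=4):
    """'1.9.12' -> (1, 9, 12, 0), so that 1.10 sorts above 1.9.12."""
    parts = [int(m.group()) if (m := re.match(r"\d+", p)) else 0
             for p in version.split(".")]
    return tuple((parts + [0] * width)[:width])

def is_affected(version):
    return version_tuple(version) <= version_tuple(LAST_AFFECTED)

def scan(plugins_dir):
    """List (file, version, affected) for every installed copy of the plugin."""
    found = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        fields = parse_header(php.read_text(encoding="utf-8", errors="replace"))
        if fields.get("plugin name", "").lower() == PLUGIN_NAME.lower():
            version = fields.get("version", "0")  # no version: treat as affected
            found.append((str(php), version, is_affected(version)))
    return found

if __name__ == "__main__":
    for path, version, affected in scan(sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"):
        print(f"{path}: {version} -> {'UPDATE NOW' if affected else 'not in the affected range'}")
```

The check matches on the plugin name in the header rather than the folder name, and compares version numbers part by part, so a version such as 1.10 is not mistaken for being lower than 1.9.12.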
