WordPress Website Plugin Flaw Lets Hackers Take Complete Control

A serious security flaw in a WordPress plugin called Everest Forms Pro is being actively exploited by hackers right now. This plugin helps website owners create contact forms and surveys. The vulnerability, labeled CVE-2026-3300 (an industry tracking number for this software flaw), allows hackers to take complete control of affected WordPress websites. This affects you if you run a WordPress website that uses the Everest Forms Pro plugin. Hackers exploiting this flaw can gain full administrative access to your website. They could change content, steal visitor information, install malicious software, or completely delete your site.

Even if you are not actively managing your WordPress site right now, it could still be vulnerable and under attack.

If you use WordPress, take these actions immediately:

1. Log into your WordPress dashboard and go to the Plugins section.
2. Check if you have Everest Forms Pro installed. Look for it in your list of active plugins.
3. If you have this plugin, update it immediately to the latest version. Click the update button next to the plugin name.
4. If an update is not available yet, deactivate the plugin temporarily until a security patch is released.
5. Review your website for any unexpected changes, new administrator accounts, or unfamiliar content.
6. Consider contacting your web hosting provider for additional security scanning and support. Keep all WordPress plugins, themes, and the WordPress software itself updated regularly. Outdated plugins are one of the most common ways hackers break into websites. Set a monthly reminder to check for updates, or enable automatic updates for trusted plugins. If you have not logged into your WordPress site in months, do so today to check for critical security updates.