Critical Everest Forms Pro Flaw Exploited to Take Over WordPress Sites
ID: 169f6b75-1ff0-5234-ae91-b11e36add306
STIX ID: report--169f6b75-1ff0-5234-ae91-b11e36add306
Feed Name: CosmicBytez Labs
**CVE-2026-3300 – Everest Forms Pro (critical, active exploitation):** A critical unauthenticated vulnerability in the Everest Forms Pro WordPress plugin allows remote attackers to take full administrative control of sites. Attackers are actively exploiting the flaw to install webshells, create rogue admin accounts, exfiltrate form data, and redirect visitors. Site owners are advised to update or deactivate the plugin immediately, scan for signs of compromise (unknown admin accounts, modified files, anomalous POST requests), and apply WAF mitigations while investigating.
