Protect.Computer

Hackers Are Exploiting a Critical WordPress Plugin Flaw Right Now


If you run a WordPress website that uses the Everest Forms Pro plugin, update it today. Attackers are actively exploiting a critical security flaw, tracked as CVE-2026-3300, that lets an unauthenticated attacker run arbitrary code on your web server: no account, no login, just a request from the internet. A patch has been available since March, but attackers are still compromising sites that haven't applied it.

Once inside, attackers create hidden administrator accounts with the username "diksimarina", which lets them modify your site's content, install malware, plant backdoors, and read your database. Security researchers have logged over 29,300 attack attempts since in-the-wild exploitation began in April 2026. The flaw is in the plugin's "Complex Calculation" feature, which takes user-supplied input and executes it as PHP code without adequately validating it: a classic code injection vulnerability. Input that reaches a code evaluator has to be restricted to the small grammar the feature actually needs; filtering out "bad" strings after the fact is not enough.
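To make the bug class concrete, here is an added illustration written for this page, not the plugin's own code (the plugin is PHP; this is Python, and calc_unsafe, calc_safe and the field names are made up). The first function shows the vulnerable shape, a formula string handed straight to the language's evaluator; the second parses the formula and interprets only the handful of node types a calculator needs, so anything else is rejected before it can run.

```python
"""Code-injection pattern behind a "calculation" feature, vulnerable and hardened.
Added example for this page; not Everest Forms Pro code. Names are illustrative."""
import ast
import operator
from typing import Optional


# Vulnerable shape: the formula string goes straight to eval(), so an arithmetic
# expression and an arbitrary expression are treated exactly the same way.
def calc_unsafe(formula: str, fields: dict) -> object:
    return eval(formula, {}, dict(fields))  # never do this with untrusted input


# Hardened shape: parse to an AST and interpret only numbers, field names,
# + - * / and unary plus/minus. Everything else raises before anything executes.
_BINARY = {ast.Add: operator.add, ast.Sub: operator.sub,
           ast.Mult: operator.mul, ast.Div: operator.truediv}
_UNARY = {ast.USub: operator.neg, ast.UAdd: operator.pos}


def calc_safe(formula: str, fields: dict) -> float:
    try:
        tree = ast.parse(formula, mode="eval")
    except SyntaxError as exc:
        raise ValueError(f"not a valid expression: {exc.msg}") from None

    def walk(node: ast.AST) -> float:
        if isinstance(node, ast.Expression):
            return walk(node.body)
        if isinstance(node, ast.Constant) and type(node.value) in (int, float):
            return float(node.value)
        if isinstance(node, ast.Name):  # a form field: looked up, never executed
            if node.id not in fields:
                raise ValueError(f"unknown field: {node.id}")
            return float(fields[node.id])
        if isinstance(node, ast.BinOp) and type(node.op) in _BINARY:
            return _BINARY[type(node.op)](walk(node.left), walk(node.right))
        if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY:
            return _UNARY[type(node.op)](walk(node.operand))
        # Calls, attribute access, subscripts, strings and so on all land here,
        # which is what blocks payloads such as __import__('os').system(...).
        raise ValueError(f"disallowed syntax: {type(node).__name__}")

    return walk(tree)


def is_rejected(formula: str, fields: Optional[dict] = None) -> bool:
    """True when the hardened evaluator refuses the formula."""
    try:
        calc_safe(formula, fields or {})
        return False
    except (ValueError, ZeroDivisionError):
        return True


if __name__ == "__main__":
    fields = {"price": 19.5, "qty": 4}
    print(calc_safe("price * qty - 3", fields))            # 75.0
    payload = "__import__('os').getcwd()"                  # constructed payload, harmless
    print(type(calc_unsafe(payload, fields)).__name__)     # str: the injected code ran
    print(is_rejected(payload, fields))                    # True
```

The point of the hardened version is not a blocklist of dangerous tokens but an allow-list of syntax: the evaluator cannot call a function, touch an attribute or build a string because no branch of `walk` knows how to. The same shape applies in PHP, where the fix is a small expression parser rather than `eval()` on a sanitised string.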

How to check if you’re affected

Affected versions are Everest Forms Pro 1.9.12 and earlier. To check, log into your WordPress dashboard, go to Plugins → Installed Plugins, and find Everest Forms Pro. If the version shown is 1.9.12 or lower, your site is vulnerable. Compare the version numerically, not as text: 1.9.9 is older than 1.9.12.

Here is what to do right now:

  • Update Everest Forms Pro to a patched version (1.9.13 or later). Go to Plugins → Installed Plugins → Update Available. If you cannot update immediately, deactivate the plugin until you can, so its code is not loaded at all.
  • Audit your admin accounts: go to Users → All Users, filter by the Administrator role, and look for "diksimarina" or any administrator you did not create. Delete any you don't recognize, but treat the username as one indicator rather than the only one: attackers can pick any name.
  • Check your web server's access logs for requests from 202.56.2[.]126 or 209.146.60[.]26, two known attack sources. Requests from those addresses are strong evidence you were targeted; their absence is not evidence you were missed, since these are only the sources that have been published.
  • If you find evidence of compromise, contact your hosting provider about a clean restore from a backup taken before April 2026. Deleting the rogue account alone is not enough, because the attackers also plant backdoors. After restoring, update the plugin before the site goes back online and rotate every credential the site held: WordPress passwords, the database password, and the authentication salts in wp-config.php.
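The checklist above can be scripted. The following is an added example written for this page (not from the article's authors or the plugin vendor): it compares a plugin version against the affected range, flags administrators that are either the published rogue name or not on the site owner's own list, and scans combined-format access-log lines for the two published source IPs. The user list, the "known admins" set and the log lines are constructed sample data; on a real site the inputs would come from the dashboard or WP-CLI (for example `wp user list --role=administrator`) and the web server's access log.

```python
"""Triage helper for the CVE-2026-3300 checklist. Added example; sample data is constructed."""
import re
from typing import Iterable

# Facts taken from the article
LAST_VULNERABLE = (1, 9, 12)                          # 1.9.12 and earlier are affected
ROGUE_USERNAME = "diksimarina"                        # account name seen post-exploitation
ATTACK_SOURCES = {"202.56.2.126", "209.146.60.26"}    # published (de-fanged) source IPs

# Apache/Nginx combined log format: client IP, ident, user, [timestamp], "request", status
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')


def parse_version(version: str) -> tuple:
    """'1.9.12' -> (1, 9, 12); missing components count as 0, so '1.10' -> (1, 10, 0)."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    if not parts:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple((parts + [0, 0, 0])[:3])


def is_vulnerable(version: str) -> bool:
    """Tuple comparison, not string comparison: 1.9.9 < 1.9.12 and 1.10.0 > 1.9.13."""
    return parse_version(version) <= LAST_VULNERABLE


def suspicious_admins(users: Iterable[dict], known_admins: set) -> list:
    """Logins that are the published rogue name or are administrators not on the
    owner's allow-list. The allow-list check is the important one; the name can change."""
    hits = []
    for user in users:
        roles = {r.strip() for r in user.get("roles", "").split(",")}
        unexpected_admin = "administrator" in roles and user["user_login"] not in known_admins
        if user["user_login"] == ROGUE_USERNAME or unexpected_admin:
            hits.append(user["user_login"])
    return hits


def attack_source_hits(log_text: str) -> list:
    """(ip, timestamp, request line, status) for every line from a published source IP.
    Lines that do not parse as combined format are skipped rather than trusted."""
    hits = []
    for line in log_text.splitlines():
        match = _LOG_RE.match(line)
        if match and match["ip"] in ATTACK_SOURCES:
            hits.append((match["ip"], match["ts"], match["req"], int(match["status"])))
    return hits


def triage(version: str, users: Iterable[dict], known_admins: set, log_text: str) -> dict:
    return {
        "vulnerable_version": is_vulnerable(version),
        "suspicious_admins": suspicious_admins(users, known_admins),
        "attack_source_hits": attack_source_hits(log_text),
    }


# Constructed sample data (not from any real site); paths and agents are illustrative.
USERS_SAMPLE = [
    {"user_login": "siteowner", "roles": "administrator"},
    {"user_login": "editor_jane", "roles": "editor"},
    {"user_login": "diksimarina", "roles": "administrator"},
]
KNOWN_ADMINS = {"siteowner"}
LOG_SAMPLE = """\
203.0.113.7 - - [12/Apr/2026:08:15:02 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
202.56.2.126 - - [12/Apr/2026:08:16:44 +0000] "POST /contact/ HTTP/1.1" 200 81 "-" "python-requests/2.31"
198.51.100.9 - - [12/Apr/2026:08:17:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2290 "-" "Mozilla/5.0"
209.146.60.26 - - [12/Apr/2026:08:18:05 +0000] "POST /contact/ HTTP/1.1" 500 0 "-" "curl/8.4.0"
not a log line at all
"""

if __name__ == "__main__":
    report = triage("1.9.12", USERS_SAMPLE, KNOWN_ADMINS, LOG_SAMPLE)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Two design choices worth noting: the version is compared as a tuple of integers, because comparing "1.9.9" and "1.9.12" as strings gets the order wrong; and the admin audit flags anything outside your own allow-list rather than only the one published username, since the name is the easiest indicator for an attacker to change.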

