Everest Forms WordPress Plugin Vulnerability Actively Exploited for Remote Code Execution

A vulnerability in the Everest Forms WordPress plugin has been actively exploited for approximately two months, allowing attackers to execute arbitrary remote code. The flaw affects WordPress sites using the plugin, though no specific CVE ID, affected versions, or technical details of the exploit mechanism were provided. Attacks have been observed in the wild, targeting vulnerable installations to compromise websites. The impact includes unauthorized code execution, which could lead to full site takeover or further malicious activity. No attribution to specific threat actors or geographic targeting was mentioned.