• WordPress users beware experts claim sites are being hijacked us

    From TechnologyDaily@1337:1/100 to All on Tuesday, June 09, 2026 01:30:25
    WordPress users beware experts claim sites are being hijacked using a critical flaw in popular Everest Forms Pro plugin

    Date:
    Tue, 09 Jun 2026 00:20:00 +0000

    Description:
    A popular WordPress plugin is once again being leveraged in website takeover attacks.

    FULL STORY ======================================================================

    Critical RCE flaw in Everest Forms Pro (CVE-2026-3300) actively exploited. Attackers create rogue admin account "diksimarina" via PHP injection. Nearly 30,000 takeover attempts blocked; admins urged to patch and block key IPs.

    Security researchers are warning of an ongoing hacking campaign targeting certain WordPress websites using a popular plugin tool.

    Wordfence says Everest Forms Pro, a popular WordPress plugin used to build contact, registration, payment, and other application forms, carried a critical-severity vulnerability that allowed malicious actors to take over sites entirely. The bug was described as a Remote Code Execution (RCE) flaw via PHP code injection. It is tracked as CVE-2026-3300 and was given a severity rating of 9.8/10 (critical). It affects all versions of the plugin up to, and including, 1.9.12.

    Patched months ago

    Wordfence is now warning that the flaw is being actively abused in the wild to create malicious admin accounts on vulnerable websites:

    The attacker submits a value for a text field that begins with a single quote to close the wrapping string literal, followed by a PHP statement that calls wp_insert_user() to create a new administrator account with the username 'diksimarina', Wordfence warned in its report.

    The trailing // comment marker ensures the rest of the generated PHP code, including the closing quote, is treated as a comment and does not cause a syntax error. When the form is processed, and the calculation is evaluated, the injected PHP code is executed, and the malicious administrator account is created.

    By creating an admin account, malicious actors can do almost anything with the website, including exfiltrating stored files, redirecting visitors, or even serving malware.

    The bug was first disclosed in February this year, and by mid-March, the Everest Forms developer released a fix. Wordfence says that exploitation attempts started roughly a month later, in mid-April. So far, it thwarted almost 30,000 attempts, most of which came from two IP addresses.

    Admins worried about being potential targets should block the two IP
    addresses 202.56.2[.]126 and 209.146.60.26, and should review log files for the string diksimarina.
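    An added example (not from the article or from Wordfence) of the log review recommended above: a Python script that scans web-server access-log lines for the two reported IP addresses, the rogue username, and the injection shape Wordfence describes (quote, wp_insert_user() call, trailing // marker). The log lines, hosts, paths and the evf_calc parameter name are constructed for illustration; request parameters only show up in an access log when they travel in the query string or when a proxy or WAF logs request bodies.

```python
import re
from urllib.parse import unquote_plus

# Indicators quoted in the article; the defanged 202.56.2[.]126 is re-fanged for matching.
BLOCKED_IPS = {"202.56.2.126", "209.146.60.26"}
ROGUE_USERNAME = "diksimarina"
# Shape of the injected value as Wordfence describes it: a quote that closes the
# string literal, a wp_insert_user() call, and a trailing // comment marker.
INJECTION_RE = re.compile(r"'\s*;?\s*wp_insert_user\s*\(.*//", re.IGNORECASE)
# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')


def analyse_line(line):
    """Return a dict describing the request and the indicators it matched, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    findings = []
    if m["ip"] in BLOCKED_IPS:
        findings.append("blocked-ip")
    decoded = unquote_plus(line)          # %27 -> ', %2F%2F -> //, + -> space
    if ROGUE_USERNAME in decoded.lower():
        findings.append("rogue-username")
    if INJECTION_RE.search(decoded):
        findings.append("php-injection-pattern")
    return {"ip": m["ip"], "path": m["path"], "status": m["status"], "findings": findings}


def scan_log(lines):
    """Keep only the lines that matched at least one indicator."""
    return [r for r in map(analyse_line, lines) if r and r["findings"]]


# Constructed sample log (hypothetical hosts, paths and the evf_calc parameter name).
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Apr/2026:10:01:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '209.146.60.26 - - [14/Apr/2026:10:01:09 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 64 "-" "python-requests/2.31"',
    '203.0.113.7 - - [14/Apr/2026:10:02:30 +0000] "GET /wp-admin/users.php?s=Diksimarina HTTP/1.1" 200 8192 "-" "Mozilla/5.0"',
    '202.56.2.126 - - [14/Apr/2026:10:03:11 +0000] "GET /?evf_calc=%27%3B+wp_insert_user%28array%28%27user_login%27%3D%3E%27diksimarina%27%29%29%3B+%2F%2F HTTP/1.1" 200 10 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ip']:<15} {hit['status']} {','.join(hit['findings']):<45} {hit['path'][:60]}")
```

    A hit on the rogue username or the injection pattern after mid-April 2026 means the site should be treated as compromised (check wp_users for the account and rotate credentials), not merely patched.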

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/wordpress-sites-are-being-hijacked-using-a-critical-flaw-in-everest-forms-pro


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)