Everest Forms Pro vulnerable: hacker can control your website

Published on June 06, 2026 | Translated from Spanish

A critical security flaw in the Everest Forms Pro plugin for WordPress allows attackers to take full control of the site. The vulnerability, already confirmed, affects thousands of users who rely on this plugin to create contact and registration forms. For visitors, the risk is direct: their personal data could be exposed if the administrator does not update the plugin to its latest version.


How the flaw operates and which versions are at risk 🛡️

The flaw lies in a file upload function that lacks proper validation. An unauthenticated attacker can send malicious files to the server, such as PHP scripts, and execute them to take control of the site. The affected versions are Everest Forms Pro prior to 2.0.7. The solution is to update immediately. If you use this plugin, check the version today; if you are a user of a site that employs it, do not enter data until the update is confirmed.
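For administrators who want to script the check described above, here is an added example (not code from the plugin or from this article) that reads the `Version:` field of a plugin header, compares it with 2.0.7, and lists files in an uploads tree that a server could run as PHP. The file names, directory layout and extension list are assumptions, and the demo runs against a constructed temporary directory rather than a real site.

```python
import re
import tempfile
from pathlib import Path

FIXED_VERSION = (2, 0, 7)  # from the article: versions prior to 2.0.7 are affected
# Extensions often mapped to the PHP interpreter (assumption; match your server config)
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.IGNORECASE)


def plugin_version(main_file: Path):
    """Read the 'Version:' field from a WordPress plugin header comment."""
    head = main_file.read_text(errors="replace")[:8192]  # header sits at the top of the file
    m = re.search(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", head, re.MULTILINE | re.IGNORECASE)
    return tuple(int(p) for p in re.findall(r"\d+", m.group(1))) if m else None


def is_affected(version):
    """True when the version is older than the fixed release, or unreadable."""
    if version is None:
        return True  # unknown version: treat as needing manual review
    return version + (0,) * (3 - len(version)) < FIXED_VERSION


def script_files_in_uploads(uploads: Path):
    """List files under the uploads tree whose name could be executed as PHP."""
    return sorted(p.relative_to(uploads).as_posix()
                  for p in uploads.rglob("*") if p.is_file() and SCRIPT_EXT.search(p.name))


def demo():
    """Run both checks against a constructed, throwaway directory tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        main = root / "plugin-main.php"  # placeholder name, not the plugin's real path
        main.write_text("<?php\n/**\n * Plugin Name: Example Forms\n * Version: 2.0.6\n */\n")
        uploads = root / "uploads" / "2026" / "06"
        uploads.mkdir(parents=True)
        for name in ("photo.jpg", "cv.pdf", "avatar.php", "note.phtml", "img.php.png"):
            (uploads / name).write_bytes(b"constructed sample")
        return is_affected(plugin_version(main)), script_files_in_uploads(root / "uploads")


if __name__ == "__main__":
    affected, hits = demo()
    print("affected:", affected)
    print("files to review:", hits)
```

A flagged file is a prompt for review, not proof of compromise; some sites keep legitimate placeholder PHP files in their uploads tree.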

The plugin that asked for data and then apologized 😅

The funny thing is that many people installed Everest Forms Pro precisely to protect their users' information. Now it turns out the guardian itself needed saving. It's like hiring a guard who turns out to be the one opening the back door. So, if your website was asking for personal data with this plugin, perhaps it's a good time to apologize and hurry to update.