22 matches found
Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites
Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise. The vulnerability in question is CVE-2026-3300 (CVSS score: 9.8), a remote code execution...
Attackers Actively Exploiting Critical Vulnerability in Everest Forms Pro Plugin
On March 30th, 2026, we publicly disclosed a critical Remote Code Execution vulnerability in Everest Forms Pro, a WordPress plugin with an estimated 4,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to execute arbitrary PHP code on the server, leading to...
EUVD-2026-11893
Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Envo Extra: from n/a through <= 1.9.13...
CVE-2026-32386
CVE-2026-32386 relates to a Missing Authorization vulnerability in the WordPress Envo Extra plugin (EnvoThemes) version ≤ 1.9.13. The issue is described as broken access control due to incorrectly configured security levels, potentially enabling unauthorized access or actions within Envo Extra. T...
CVE-2026-32386
Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Envo Extra: from n/a through <= 1.9.13...
WordPress plugin Envo Extra security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
PT-2026-25233
CVE-2026-32386 Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Env… https://t.co/TLpODOYbto...
WordPress Accordion Slider plugin <= 1.9.13 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Accordion Slider versions <= 1.9.13...
CVE-2025-66092
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bqworks Accordion Slider accordion-slider allows Stored XSS. This issue affects Accordion Slider: from n/a through <= 1.9.13...
EUVD-2025-198456
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bqworks Accordion Slider accordion-slider allows Stored XSS. This issue affects Accordion Slider: from n/a through <= 1.9.13...
CVE-2025-66092 WordPress Accordion Slider plugin <= 1.9.13 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bqworks Accordion Slider accordion-slider allows Stored XSS. This issue affects Accordion Slider: from n/a through <= 1.9.13...
CVE-2025-66092
CVE-2025-66092 concerns the WordPress Accordion Slider plugin, where the accordion-slider component is vulnerable to Stored XSS due to improper input filtering and escaping. Multiple sources (CNVD, EUVD, RH, NVD, CVE list entries) indicate this affects versions up to and including 1.9.13, with th...
PT-2025-47760
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bqworks Accordion Slider accordion-slider allows Stored XSS. This issue affects Accordion Slider: from n/a through <= 1.9.13...
WordPress plugin Compact WP Audio Player cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-16090 · WordPress · Compact Wp Audio Player
Name of the Vulnerable Software and Affected Versions: Compact WP Audio Player plugin for WordPress versions up to, and including, 1.9.13 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the sc_embed_player shortcode. This allow...
Medium: sudo
Issue Overview: Sudo before 1.9.13 does not escape control characters in log messages (CVE-2023-28486). Sudo before 1.9.13 does not escape control characters in sudoreplay output (CVE-2023-28487). Affected Packages: sudo. Issue Correction: Run dnf update sudo --releasever 2023.0.20230322 or dnf update...
CVE-2023-28486
Sudo before 1.9.13 does not escape control characters in log messages...
UBUNTU-CVE-2023-28486
Sudo before 1.9.13 does not escape control characters in log messages...
PT-2023-3592 · Sudo +10 · Sudo +10
Name of the Vulnerable Software and Affected Versions: Sudo versions prior to 1.9.13 Description: The issue is related to a lack of proper encoding or escaping of output in the Sudo program, specifically in the sudoreplay output. This allows an attacker to potentially gain access to confidential...
PT-2021-10662 · Phpcms · Phpcms
Name of the Vulnerable Software and Affected Versions: phpwcms version 1.9.13 Description: The issue allows for Code Injection via the "/phpwcms/setup/setup.php" API endpoint. Recommendations: For phpwcms version 1.9.13, at the moment, there is no information about a newer version that contains a...