CVE-2026-6443

CRITICAL 9.8

Essentialplugin Plugins (Various Versions) - Injected Backdoor

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

14th

All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a persistent backdoor and inject spam into the affected sites.

CWE	CWE-506
Vendor	essentialplugin
Product	accordion and accordion slider
Published	Apr 17, 2026
Last Updated	Apr 21, 2026

Stay Ahead of the Next One

Get instant alerts for essentialplugin accordion and accordion slider

Be the first to know when new critical vulnerabilities affecting essentialplugin accordion and accordion slider are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

essentialplugin / Accordion and Accordion Slider

1.4.6

essentialplugin / Portfolio and Projects

1.5.6

essentialplugin / Featured Post Creative

1.5.7

essentialplugin / Post grid and filter ultimate

1.7.4

essentialplugin / WP Featured Content and Slider

1.7.6

essentialplugin / Post Ticker Ultimate

1.7.6

essentialplugin / Trending/Popular Post Slider and Widget

1.8.6

essentialplugin / Meta Slider and Carousel with Lightbox

2.0.8

essentialplugin / Album and Image Gallery Plus Lightbox

2.1.8

essentialplugin / Timeline and History slider

2.4.5

essentialplugin / WP Blog and Widgets

2.6.6

essentialplugin / Countdown Timer Ultimate

2.6.9

essentialplugin / Blog Designer – Post and Widget

2.7.7

essentialplugin / Team Slider and Team Grid Showcase plus Team Carousel

2.8.6

essentialplugin / Video gallery and Player

2.8.7

essentialplugin / Popup Maker and Popup Anything – Popup for opt-ins and Lead Generation Conversions

2.9.1

essentialplugin / Testimonial Grid and Testimonial Slider plus Carousel with Rotator Widget

3.5.6

essentialplugin / WP Responsive Recent Post Slider/Carousel

3.7.1

essentialplugin / WP Slick Slider and Image Carousel

3.7.8.1

essentialplugin / WP Logo Showcase Responsive Slider and Carousel

3.8.7

essentialplugin / WP responsive FAQ with category plugin

3.9.5

essentialplugin / WP News and Scrolling Widgets

5.0.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/2597724a-9a39-4e46-b153-f42366f833ba?source=cve anchor.host: https://anchor.host/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them/

Credits

Eu Joe Chegne Damien