Lucene search
K

84 matches found

Cvelist
Cvelist
added 2026/04/17 6:44 a.m.32 views

CVE-2026-6443 Essentialplugin Plugins (Various Versions) - Injected Backdoor

All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a...

9.8CVSS0.00495EPSS
Exploits0References2
CVE
CVE
added 2026/04/17 6:44 a.m.38 views

CVE-2026-6443

CVE-2026-6443 affects Essentialplugin plugins for WordPress. The backdoor is injected in multiple plugin versions after a malicious actor acquired the plugins, enabling the attacker to maintain persistent access and inject spam across affected sites. Specific public details include an injected ba...

9.8CVSS5.8AI score0.00495EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.9 views

WordPress plugin Accordion and Accordion Slider 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.8CVSS5.8AI score0.00495EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/04/14 11:36 a.m.12 views

WordPress Accordion and Accordion Slider plugin <= 1.4.6 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Accordion and Accordion Slider versions = 1.4.6...

5.8AI score
Exploits0References1Affected Software1
NVD
NVD
added 2026/02/14 7:16 a.m.13 views

CVE-2026-0727

The Accordion and Accordion Slider plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.5. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'wpaassaveattachmentdata' and...

5.4CVSS0.00266EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/14 6:42 a.m.3 views

CVE-2026-0727 Accordion and Accordion Slider <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Attachment Metadata Modification

The Accordion and Accordion Slider plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.5. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'wpaassaveattachmentdata' and...

5.4CVSS5.5AI score0.00266EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/14 12:0 a.m.9 views

WordPress plugin Accordion and Accordion Slider 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

5.4CVSS5.8AI score0.00266EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/02/13 10:38 p.m.7 views

WordPress Accordion and Accordion Slider plugin <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Attachment Metadata Modification vulnerability

Missing Authorization to Authenticated Contributor+ Attachment Metadata Modification vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Accordion and Accordion Slider versions = 1.4.5...

5.4CVSS5.5AI score0.00266EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/01/22 5:15 p.m.4 views

CVE-2025-49066

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Accordion Slider PRO accordionsliderpro allows Reflected XSS.This issue affects Accordion Slider PRO: from n/a through = 1.2...

7.1CVSS0.0023EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/22 4:51 p.m.24 views

CVE-2025-49066 WordPress Accordion Slider PRO plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Accordion Slider PRO accordionsliderpro allows Reflected XSS.This issue affects Accordion Slider PRO: from n/a through = 1.2...

7.1CVSS0.0023EPSS
Exploits0References1
CVE
CVE
added 2026/01/22 4:51 p.m.9 views

CVE-2025-49066

CVE-2025-49066 is a Reflected XSS in the WordPress plugin Accordion Slider PRO (accordion_slider_pro) affecting versions up to 1.2. The root cause is improper input neutralization during web page generation. The connected sources confirm the vulnerability and affected range, but none provide a pu...

7.1CVSS5.4AI score0.0023EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/22 4:51 p.m.2 views

CVE-2025-49066 WordPress Accordion Slider PRO plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Accordion Slider PRO accordionsliderpro allows Reflected XSS.This issue affects Accordion Slider PRO: from n/a through = 1.2...

7.1CVSS5.9AI score0.0023EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:51 p.m.1 views

CVE-2025-49066

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Accordion Slider PRO accordionsliderpro allows Reflected XSS.This issue affects Accordion Slider PRO: from n/a through = 1.2...

6.1CVSS5.3AI score0.0023EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.10 views

PT-2026-3973

Name of the Vulnerable Software and Affected Versions Accordion Slider PRO versions through 1.2 Description The software contains a flaw related to improper handling of user-supplied data during web page creation, which can lead to Reflected Cross-site Scripting XSS. This means that malicious cod...

5.5AI score0.0023EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.9 views

WordPress plugin accordion_slider_pro has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.7AI score0.0023EPSS
Exploits0References1
CNVD
CNVD
added 2026/01/19 12:0 a.m.4 views

WordPress Responsive Accordion Slider plugin unauthorized data modification vulnerability

WordPress Responsive Accordion Slider plugin is a WordPress plugin that combines the functionality of folding panels Accordion and rotating images Slider. The WordPress Responsive Accordion Slider plugin suffers from an unauthorized data modification vulnerability that stems from a lack of...

4.3CVSS5.9AI score0.00233EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/15 6:21 a.m.13 views

CVE-2026-0635

The Responsive Accordion Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'respaccordionsildersaveimages' function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with...

4.3CVSS5.1AI score0.00233EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/14 5:28 a.m.25 views

CVE-2026-0635 Responsive Accordion Slider <= 1.2.2 - Missing Authorization to Authenticated (Contributor+) Slider Update via 'resp_accordion_silder_save_images'

The Responsive Accordion Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'respaccordionsildersaveimages' function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with...

4.3CVSS0.00233EPSS
Exploits0References2
CVE
CVE
added 2026/01/14 5:28 a.m.13 views

CVE-2026-0635

The CVE concerns the WordPress plugin Responsive Accordion Slider. A missing capability check in the resp_accordion_silder_save_images function in all versions up to and including 1.2.2 allows authenticated attackers with Contributor-level access or higher to modify any slider’s image metadata (t...

4.3CVSS4.7AI score0.00233EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/14 5:28 a.m.3 views

CVE-2026-0635 Responsive Accordion Slider <= 1.2.2 - Missing Authorization to Authenticated (Contributor+) Slider Update via 'resp_accordion_silder_save_images'

The Responsive Accordion Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'respaccordionsildersaveimages' function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with...

4.3CVSS4.7AI score0.00233EPSS
Exploits0References2
Rows per page
Query Builder