CVE-2026-6443

All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a...

EUVD-2026-23384

The Accordion and Accordion Slider plugin for WordPress is vulnerable to an injected backdoor in version 1.4.6. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a...

CVE-2026-6443

All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a...

CVE-2026-6443 Essentialplugin Plugins (Various Versions) - Injected Backdoor

All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a...

CVE-2026-6443

CVE-2026-6443 affects Essentialplugin plugins for WordPress. The backdoor is injected in multiple plugin versions after a malicious actor acquired the plugins, enabling the attacker to maintain persistent access and inject spam across affected sites. Specific public details include an injected ba...

CVE-2026-6443 Essentialplugin Plugins (Various Versions) - Injected Backdoor

All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a...

CVE-2026-6443

The Accordion and Accordion Slider plugin for WordPress is vulnerable to an injected backdoor in version 1.4.6. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a...

WordPress plugin Accordion and Accordion Slider 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-33416

Name of the Vulnerable Software and Affected Versions Accordion and Accordion Slider version 1.4.6 Description The plugin contains an injected backdoor resulting from a supply chain attack where the software was sold to a malicious threat actor. This allows the actor to maintain persistent access...

Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images

Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites. mu-plugins, short for must-use plugins, refers to plugins in a special directory...

YODA Tool Found ~47,000 Malicious WordPress Plugins Installed in Over 24,000 Sites

As many as 47,337 malicious plugins have been uncovered on 24,931 unique websites, out of which 3,685 plugins were sold on legitimate marketplaces, netting the attackers $41,500 in illegal revenues. The findings come from a new tool called YODA that aims to detect rogue WordPress plugins and trac...

WordPress NextGEN Gallery Plugin < 3.5.0 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:imagely:nextgengallery"; if description...

Rogue Wordpress Plugin Allowed Spam Injection

A popular WordPress plugin called Display Widgets running on 200,000 sites was removed from the official WordPress.org plugin repository after researchers discovered the plugin had a backdoor that was injecting spam ads into victims’ sites. According to researchers at Wordfence who publicly...