97 matches found
CVE-2026-10862
The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and...
WordPress Accordions plugin <= 2.3.23 - Authenticated (Custom+) Stored Cross-Site Scripting vulnerability
Authenticated Custom+ Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Accordion versions = 2.3.23...
CVE-2026-7467
The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAjax::importData' function not restricting which database tables can be written to during import and not properly validating the imported...
EUVD-2026-31035
The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of escsql without surrounding the value in quotes in an ORDER BY clause inside the getAllDataByLimit and...
PT-2026-42073
Name of the Vulnerable Software and Affected Versions Read More & Accordion versions prior to 3.5.8 Description The plugin is subject to privilege escalation because the RadMoreAjax::importData function fails to restrict which database tables can be written to during import and does not properly...
EUVD-2026-23384
The Accordion and Accordion Slider plugin for WordPress is vulnerable to an injected backdoor in version 1.4.6. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a...
CVE-2026-6443
All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a...
CVE-2026-6443 Essentialplugin Plugins (Various Versions) - Injected Backdoor
All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a...
CVE-2026-6443
The Accordion and Accordion Slider plugin for WordPress is vulnerable to an injected backdoor in version 1.4.6. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a...
WordPress plugin Accordion and Accordion Slider 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-33416
Name of the Vulnerable Software and Affected Versions Accordion and Accordion Slider version 1.4.6 Description The plugin contains an injected backdoor resulting from a supply chain attack where the software was sold to a malicious threat actor. This allows the actor to maintain persistent access...
WordPress Accordion and Accordion Slider plugin <= 1.4.6 - Backdoor vulnerability
Backdoor vulnerability discovered by ? in WordPress Plugin Accordion and Accordion Slider versions = 1.4.6...
CVE-2026-0727
The Accordion and Accordion Slider plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.5. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'wpaassaveattachmentdata' and...
CVE-2026-0727 Accordion and Accordion Slider <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Attachment Metadata Modification
The Accordion and Accordion Slider plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.5. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'wpaassaveattachmentdata' and...
CVE-2026-0727
A concrete vulnerability is reported in WordPress Plugin Accordion and Accordion Slider (versions
CVE-2026-0727
The Accordion and Accordion Slider plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.5. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'wpaassaveattachmentdata' and...
WordPress plugin Accordion and Accordion Slider 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...
WordPress Accordion and Accordion Slider plugin <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Attachment Metadata Modification vulnerability
Missing Authorization to Authenticated Contributor+ Attachment Metadata Modification vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Accordion and Accordion Slider versions = 1.4.5...
CVE-2026-24565
Insertion of Sensitive Information Into Sent Data vulnerability in bPlugins B Accordion b-accordion allows Retrieve Embedded Sensitive Data.This issue affects B Accordion: from n/a through = 2.0.2...
CVE-2026-24591 WordPress Turn Yoast SEO FAQ Block to Accordion plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in yasir129 Turn Yoast SEO FAQ Block to Accordion faq-schema-block-to-accordion allows Stored XSS.This issue affects Turn Yoast SEO FAQ Block to Accordion: from n/a through = 1.0.6...