Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-6443— Essentialplugin Plugins (Various Versions) - Injected Backdoor

CVSS 9.8 · Critical EPSS 0.06% · P18
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-6443

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Essentialplugin Plugins (Various Versions) - Injected Backdoor
Source: NVD (National Vulnerability Database)
Vulnerability Description
All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a persistent backdoor and inject spam into the affected sites.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
内嵌的恶意代码
Source: NVD (National Vulnerability Database)
Vulnerability Title
WordPress plugin Accordion and Accordion Slider 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress plugin Accordion and Accordion Slider 1.4.6版本存在安全漏洞,该漏洞源于插件被出售给恶意威胁行为者并嵌入了后门,可能导致威胁行为者维持持久后门并向受影响站点注入垃圾信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
essentialpluginAccordion and Accordion Slider 1.4.6 -
essentialpluginPortfolio and Projects 1.5.6 -
essentialpluginFeatured Post Creative 1.5.7 -
essentialpluginPost grid and filter ultimate 1.7.4 -
essentialpluginWP Featured Content and Slider 1.7.6 -
essentialpluginPost Ticker Ultimate 1.7.6 -
essentialpluginTrending/Popular Post Slider and Widget 1.8.6 -
essentialpluginMeta Slider and Carousel with Lightbox 2.0.8 -
essentialpluginAlbum and Image Gallery Plus Lightbox 2.1.8 -
essentialpluginTimeline and History slider 2.4.5 -
essentialpluginWP Blog and Widgets 2.6.6 -
essentialpluginCountdown Timer Ultimate 2.6.9 -
essentialpluginBlog Designer – Post and Widget 2.7.7 -
essentialpluginTeam Slider and Team Grid Showcase plus Team Carousel 2.8.6 -
essentialpluginVideo gallery and Player 2.8.7 -
essentialpluginPopup Maker and Popup Anything – Popup for opt-ins and Lead Generation Conversions 2.9.1 -
essentialpluginTestimonial Grid and Testimonial Slider plus Carousel with Rotator Widget 3.5.6 -
essentialpluginWP Responsive Recent Post Slider/Carousel 3.7.1 -
essentialpluginWP Slick Slider and Image Carousel 3.7.8.1 -
essentialpluginWP Logo Showcase Responsive Slider and Carousel 3.8.7 -
essentialpluginWP responsive FAQ with category plugin 3.9.5 -
essentialpluginWP News and Scrolling Widgets 5.0.6 -

II. Public POCs for CVE-2026-6443

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-6443

登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: Accordion and Accordion Slider
Same vendor: essentialplugin
Same weakness: CWE-506

V. Comments for CVE-2026-6443

No comments yet

Leave a comment