Browse all 5 CVE security advisories affecting essentialplugin. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Essentialplugin publishes WordPress plugins and themes that extend site functionality. Historically, it has been associated with multiple critical vulnerabilities including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. These vulnerabilities often stem from insufficient input validation and improper access controls. The project has experienced several high-severity incidents, including cases where compromised installations led to complete website takeovers. Security researchers have noted inconsistent patching practices across different plugin versions, leaving many deployments exposed. The cumulative impact of these vulnerabilities has made essentialplugin a frequent target in automated attacks, particularly against outdated or misconfigured installations.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-8681 | Essential Chat Support <= 1.0.1 - Missing Authorization to Unauthenticated Settings Reset via 'ecs_reset_settings' Parameter | Essential Chat Support | CWE-862 | 5.3 | Medium | 2026-05-16 |
| CVE-2026-6443 | Essentialplugin Plugins (Various Versions) - Injected Backdoor | Accordion and Accordion Slider | CWE-506 | 9.8 | Critical | 2026-04-17 |
| CVE-2025-13612 | Album and Image Gallery Plus Lightbox <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode | Album and Image Gallery Plus Lightbox | CWE-79 | 6.4 | Medium | 2026-02-19 |
| CVE-2026-0727 | Accordion and Accordion Slider <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Attachment Metadata Modification | Accordion and Accordion Slider | CWE-862 | 5.4 | Medium | 2026-02-14 |
| CVE-2024-4194 | Album and Image Gallery plus Lightbox <= 2.0 - Unauthenticated Arbitrary Shortcode Execution | Album and Image Gallery Plus Lightbox | CWE-94 | 6.5 | Medium | 2024-06-06 |

This page lists every published CVE security advisory associated with essentialplugin. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.