CVE-2026-6443

Summary

All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a persistent backdoor and inject spam into the affected sites.

Affected Software

VendorProductVersion RangeStatus
essentialpluginAccordion and Accordion Slider1.4.6affected
essentialpluginPortfolio and Projects1.5.6affected
essentialpluginFeatured Post Creative1.5.7affected
essentialpluginPost grid and filter ultimate1.7.4affected
essentialpluginWP Featured Content and Slider1.7.6affected
essentialpluginPost Ticker Ultimate1.7.6affected
essentialpluginTrending/Popular Post Slider and Widget1.8.6affected
essentialpluginMeta Slider and Carousel with Lightbox2.0.8affected
essentialpluginAlbum and Image Gallery Plus Lightbox2.1.8affected
essentialpluginTimeline and History slider2.4.5affected
essentialpluginWP Blog and Widgets2.6.6affected
essentialpluginCountdown Timer Ultimate2.6.9affected
essentialpluginBlog Designer – Post and Widget2.7.7affected
essentialpluginTeam Slider and Team Grid Showcase plus Team Carousel2.8.6affected
essentialpluginVideo gallery and Player2.8.7affected
essentialpluginPopup Maker and Popup Anything – Popup for opt-ins and Lead Generation Conversions2.9.1affected
essentialpluginTestimonial Grid and Testimonial Slider plus Carousel with Rotator Widget3.5.6affected
essentialpluginWP Responsive Recent Post Slider/Carousel3.7.1affected
essentialpluginWP Slick Slider and Image Carousel3.7.8.1affected
essentialpluginWP Logo Showcase Responsive Slider and Carousel3.8.7affected
essentialpluginWP responsive FAQ with category plugin3.9.5affected
essentialpluginWP News and Scrolling Widgets5.0.6affected

Weaknesses

  • CWE-506: CWE-506 Embedded Malicious Code

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References