What is CVE-2026-6443?

CVE-2026-6443 is a critical-severity vulnerability in Essentialplugin Accordion And Slider, classified under CWE-506. CVSS score: 9.8/10. Published 2026-04-17.

How severe is CVE-2026-6443?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Essentialplugin Accordion And Slider

CVE-2026-6443

All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This m…

EPSS: 0.000 (6.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Essentialplugin Accordion And Slider — versions 1.4.6
Essentialplugin Album And Image Gallery Plus Lightbox — versions 2.1.8
Essentialplugin Blog Designer – Post And Widget — versions 2.7.7
Essentialplugin Countdown Timer Ultimate — versions 2.6.9
Essentialplugin Featured Post Creative — versions 1.5.7
Essentialplugin Meta Slider And Carousel With Lightbox — versions 2.0.8
Essentialplugin Popup Maker And Anything – For Opt-ins Lead Generation Conversions — versions 2.9.1
Essentialplugin Portfolio And Projects — versions 1.5.6
Essentialplugin Post Grid And Filter Ultimate — versions 1.7.4
Essentialplugin Post Ticker Ultimate — versions 1.7.6

Weakness classification (CWE)

CWE-506

References

Frequently asked questions

What is CVE-2026-6443?: CVE-2026-6443 is a critical-severity vulnerability in Essentialplugin Accordion And Slider, classified under CWE-506. CVSS score: 9.8/10. Published 2026-04-17.
How severe is CVE-2026-6443?: Critical severity. CVSS v3 base score is 9.8 out of 10.