Accordion and Accordion Slider 1.4.6 - Injected Backdoor

CVE	CVE-2026-6443
State	PUBLISHED
Assigner	Wordfence
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-04-17 07:16:03 UTC
Updated	2026-04-17 07:16:03 UTC
Description	The Accordion and Accordion Slider plugin for WordPress is vulnerable to an injected backdoor in version 1.4.6. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a persistent backdoor and inject spam into the affected sites.

Primary CVSS: v3.1 9.8 CRITICAL from [email protected]

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.000440000 probability, percentile 0.134210000 (date 2026-04-20)

Problem Types: CWE-506 | CWE-506 CWE-506 Embedded Malicious Code

Version	Source	Type	Score	Severity	Vector
3.1	[email protected]	Primary	9.8	CRITICAL	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
3.1	CNA	DECLARED	9.8	CRITICAL	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Source	Vendor	Product	Version	Platforms
CNA	Essentialplugin	Accordion And Accordion Slider	affected 1.4.6	Not specified

Reference	Source	Link	Tags
www.wordfence.com/threat-intel/vulnerabilities/id/2597724a-9a39-4e46-b153-f4236...	[email protected]	www.wordfence.com
anchor.host/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in...	[email protected]	anchor.host
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

CNA: Eu Joe Chegne (en)

CNA: Damien (en)

Source	Time	Event
CNA	2026-04-16T18:38:10.000Z	Vendor Notified
CNA	2026-04-09T00:00:00.000Z	Disclosed

There are currently no legacy QID mappings associated with this CVE.