CVE-2026-6443

CVSS v3.1

9.8

Critical

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The Accordion and Accordion Slider plugin for WordPress is vulnerable to an injected backdoor in version 1.4.6. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a persistent backdoor and inject spam into the affected sites.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-506

Related Identifiers

CVE-2026-6443

Affected Products

Accordion/Accordion Slider

CVE-2026-6443

Weakness Enumeration

Related Identifiers

Affected Products

References · 8