CVE-2026-6443 - Vulnerability Analysis

Overview

Accordion and Accordion Slider WordPress plugin 1.4.6 contains a backdoor caused by malicious code injection by a threat actor, letting attackers maintain persistent access and inject spam, exploit requires plugin installation.

Severity & Score

Impact

Attackers can maintain persistent access and inject spam, compromising site integrity and availability.

Mitigation

Update to the latest version or remove the compromised plugin.

References

• https://anchor.host/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them/
• https://www.wordfence.com/threat-intel/vulnerabilities/id/2597724a-9a39-4e46-b153-f42366f833ba?source=cve

Social Media Activity(1 post)

OffSequence

@offseq

Apr 17, 2026

⚠️ CRITICAL: CVE-2026-6443 in WordPress Accordion & Accordion Slider v1.4.6 — embedded backdoor enables persistent access & spam injection. Remove/disable the plugin ASAP. No patch yet. https://radar.offseq.com/threat/cve-2026-6443-cwe-506-embedded-malicious-code-in-e-b2b69859 #OffSeq #WordPress #CVE20266443 #Infosec

View original post

Related Resources

• Vulnerability Intelligence Dashboard
• Credential Scanner