Vulnerability Description
All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a persistent backdoor and inject spam into the affected sites.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://anchor.host/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-i
- https://www.wordfence.com/threat-intel/vulnerabilities/id/2597724a-9a39-4e46-b15
FAQ
What is CVE-2026-6443?
CVE-2026-6443 is a vulnerability with a CVSS score of 9.8 (CRITICAL). All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in al...
How severe is CVE-2026-6443?
CVE-2026-6443 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-6443?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.