Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Backdoor in Accordion and Accordion Slider plugin allows attackers to inject spam
CVE-2026-6443
Summary
The Accordion and Accordion Slider plugin for WordPress versions 1.4.6 may allow attackers to secretly install malicious code. This can lead to spam being injected into your website. You should remove the plugin or update to a trusted version.
Original title
The Accordion and Accordion Slider plugin for WordPress is vulnerable to an injected backdoor in version 1.4.6. This is due to the plugin being sold to a malicious threat actor that embedded a back...
Original description
The Accordion and Accordion Slider plugin for WordPress is vulnerable to an injected backdoor in version 1.4.6. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a persistent backdoor and inject spam into the affected sites.
nvd CVSS3.1
9.8
Vulnerability type
CWE-506
Embedded Malicious Code
Published: 17 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026