CVE-2026-6443

· NIST NVD ↗

All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a persistent backdoor and inject spam into the affected sites.

CRITICAL
CVSS severity
9.8
CVSS base score
2026-04-17
Published

CWE codes

CWE-506

Sources