Vulnerabilities and security researches forticker-ultimate ticker-ultimate

Jun 06, 2024

CVE, Research URL: adef06891bf0c197fcec661504b5c06a996df18d
Home page URL: Security reports for Post Ticker Ultimate
Application: Post Ticker Ultimate
Date: Aug 16, 2023
Research Description: Post Ticker Ultimate [ticker-ultimate] < 1.5.6 WordPress Post Ticker Ultimate Plugin <= 1.5.5 is vulnerable to Broken Access Control Update the WordPress Post Ticker Ultimate plugin to the latest available version (at least 1.5.6). Abdi Pranata discovered and reported this Broken Access Control vulnerability in WordPress Post Ticker Ultimate Plugin. A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action. This vulnerability has been fixed in version 1.5.6.
Affected versions: max 1.5.6.
Status: vulnerable

Apr 23, 2026

CVE, Research URL: CVE-2026-6443
Home page URL: Security reports for Post Ticker Ultimate
Application: Post Ticker Ultimate
Date: Apr 17, 2026
Research Description: All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a persistent backdoor and inject spam into the affected sites.
Affected versions: max 1.7.6.1.
Status: vulnerable