Vulnerabilities and security researches forwp-featured-content-and-slider wp-featured-content-and-slider

Jun 07, 2024

CVE, Research URL: deb685ef98e2416e44ec11d0a7e66dbb81ca65cf
Home page URL: Security reports for WP Featured Content and Slider
Application: WP Featured Content and Slider
Date: Nov 09, 2023
Research Description: WP Featured Content and Slider [wp-featured-content-and-slider] < 1.7 WordPress WP Featured Content and Slider Plugin <= 1.5 is vulnerable to Broken Access Control No patched version is available. Abdi Pranata discovered and reported this Broken Access Control vulnerability in WordPress WP Featured Content and Slider Plugin. A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action. This vulnerability has not been known to be fixed yet.
Affected versions: max 1.7.
Status: vulnerable

Apr 23, 2026

CVE, Research URL: CVE-2026-6443
Home page URL: Security reports for WP Featured Content and Slider
Application: WP Featured Content and Slider
Date: Apr 17, 2026
Research Description: All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a persistent backdoor and inject spam into the affected sites.
Affected versions: max 1.7.6.1.
Status: vulnerable