cleantalk
Vulnerabilities and Security Researches

Accordion and Accordion Slider, CVE-2026-6443

CVE, Research URL

CVE-2026-6443

Home page URL

Security reports for Accordion and Accordion Slider

Application

Accordion and Accordion Slider

Published on
Apr 17, 2026
Research Description
The Accordion and Accordion Slider plugin for WordPress is vulnerable to an injected backdoor in version 1.4.6. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a persistent backdoor and inject spam into the affected sites.
Affected versions
max 1.4.6.1.
Status
vulnerable
Previous vulnerability researches
Embed Calendly (CVE-2026-32411) , Mar 30, 2026
Embed Calendly (CVE-2023-4995) , Jun 07, 2024
Embed Calendly (CVE-2026-0868) , Apr 22, 2026
New vulnerability
WP Responsive Recent Post Slider/Carousel (CVE-2026-6443) , Apr 23, 2026
Image Source Control Lite – Show Image Credits and Captions (CVE-2026-4852) , Apr 22, 2026
MailerLite – WooCommerce integration (CVE-2026-1000) , Apr 22, 2026
Embed Calendly (CVE-2026-0868) , Apr 22, 2026
Product Filter by WBW (CVE-2026-39494) , Apr 22, 2026