cleantalk
Vulnerabilities and Security Researches

Post Ticker Ultimate, CVE-2026-6443

CVE, Research URL

CVE-2026-6443

Home page URL

Security reports for Post Ticker Ultimate

Application

Post Ticker Ultimate

Published on
Apr 17, 2026
Research Description
All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a persistent backdoor and inject spam into the affected sites.
Affected versions
max 1.7.6.1.
Status
vulnerable
Previous vulnerability researches
Post Ticker Ultimate (CVE-2026-6443) , Apr 23, 2026
Post Ticker Ultimate (adef06891bf0c197fcec661504b5c06a996df18d) , Jun 06, 2024
New vulnerability
Private WP suite (CVE-2026-2719) , Apr 24, 2026
Sitekit (CVE-2025-58229) , Apr 24, 2026
Skimlinks Affiliate Marketing Tool (CVE-2025-57944) , Apr 24, 2026
Switch CTA Box (CVE-2026-4088) , Apr 24, 2026
CalJ (CVE-2026-4117) , Apr 24, 2026