cleantalk
Vulnerabilities and Security Researches

Portfolio and Projects, CVE-2026-6443

CVE, Research URL

CVE-2026-6443

Home page URL

Security reports for Portfolio and Projects

Application

Portfolio and Projects

Published on
Apr 17, 2026
Research Description
All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a persistent backdoor and inject spam into the affected sites.
Affected versions
max 1.5.6.1.
Status
vulnerable
Previous vulnerability researches
WP Featured Content and Slider (deb685ef98e2416e44ec11d0a7e66dbb81ca65cf) , Jun 07, 2024
WP Featured Content and Slider (CVE-2026-6443) , Apr 23, 2026
New vulnerability
AutomatorWP – The #1 automator plugin for no-code automation in WordPress (CVE-2025-9539) , Apr 23, 2026
ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) (CVE-2026-5464) , Apr 23, 2026
Kcaptcha (CVE-2026-4121) , Apr 23, 2026
mCatFilter (CVE-2026-4139) , Apr 23, 2026
Short Comment Filter (CVE-2026-3362) , Apr 23, 2026