cleantalk
Vulnerabilities and Security Researches

Accordion and Accordion Slider, CVE-2026-6443

CVE, Research URL

CVE-2026-6443

Home page URL

Security reports for Accordion and Accordion Slider

Application

Accordion and Accordion Slider

Published on
Apr 17, 2026
Research Description
The Accordion and Accordion Slider plugin for WordPress is vulnerable to an injected backdoor in version 1.4.6. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a persistent backdoor and inject spam into the affected sites.
Affected versions
max 1.4.6.1.
Status
vulnerable
Previous vulnerability researches
Zarinpal Gateway (CVE-2026-2592) , Apr 15, 2026
New vulnerability
Carousel Ultimate (CVE-2025-58652) , Apr 19, 2026
WP Social Widget (CVE-2025-57981) , Apr 19, 2026
Accordion and Accordion Slider (CVE-2026-6443) , Apr 19, 2026
Qubely – Advanced Gutenberg Blocks (CVE-2025-58249) , Apr 19, 2026
Popup Box – new WordPress popup plugin (CVE-2025-12122) , Apr 19, 2026