VYPR
Critical severity9.8NVD Advisory· Published Apr 17, 2026· Updated Apr 22, 2026

CVE-2026-6443

CVE-2026-6443

Description

All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a persistent backdoor and inject spam into the affected sites.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1

Patches

Vulnerability mechanics

References

2

News mentions

1