Accordion And Accordion Slider
Approved changes feed: RSS · Atom
cpe:2.3:a:essentialplugin:accordion_and_accordion_slider:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Essentialplugin (7cc9011c-ee3a-5cc4-b415-3927e0ae0329) |
|---|---|
| Product | Accordion And Accordion Slider (37d32f27-a4cc-5193-a8e2-edf9f7fbd8e7) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-6443 |
vulnerable | 2026-06-03 15:27:55.312354 |
Essentialplugin Plugins (Various Versions) - Injected Backdoor
CRITICAL (9.8)
All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a persistent backdoor and inject spam into the affected sites.
Published: 2026-04-17T06:44:49.128Z
Updated: 2026-04-21T19:53:07.705Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-0727 |
vulnerable | 2026-06-03 15:14:42.719071 |
Accordion and Accordion Slider <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Attachment Metadata Modification
MEDIUM (5.4)
The Accordion and Accordion Slider plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.5. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'wp_aas_save_attachment_data' and 'wp_aas_get_attachment_edit_form' functions. This makes it possible for authenticated attackers, with contributor level access and above, to read and modify attachment metadata including file paths, titles, captions, alt text, and custom links for any attachment on the site.
Published: 2026-02-14T06:42:26.388Z
Updated: 2026-04-08T16:39:42.849Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.