Platform
wordpress
Component
wp-responsive-recent-post-slider
Fixed in
1.4.7
1.5.7
1.5.8
1.7.5
1.7.7
1.7.7
1.8.7
2.0.9
2.1.9
2.4.6
2.6.7
2.6.10
2.7.8
2.8.7
2.8.8
2.9.2
3.5.7
3.7.2
3.7.9
3.8.8
3.9.6
5.0.7
CVE-2026-6443 identifies a critical vulnerability affecting various Essentialplugin WordPress plugins. A malicious threat actor acquired the plugin codebase and embedded a persistent backdoor, enabling unauthorized access and potential spam injection. This vulnerability impacts versions prior to 3.7.1.1 and requires immediate attention to prevent compromise. The vulnerability was published on 2026-04-17 and a fix is available.
The injected backdoor grants an attacker persistent, unauthorized access to affected WordPress websites. This allows for a wide range of malicious activities, including data exfiltration, website defacement, and the injection of spam content. The attacker can effectively control the compromised website, potentially using it to distribute malware or launch further attacks against visitors. The blast radius extends to all users of the affected plugins, and the impact can be significant, leading to reputational damage and financial losses. This backdoor is particularly concerning due to its persistence, allowing attackers to maintain access even after initial exploitation.
Exploitation context for CVE-2026-6443 is currently unclear, but the presence of a known backdoor significantly increases the risk. The vulnerability's criticality (CVSS 9.8) indicates a high probability of exploitation. Public proof-of-concept (POC) code may emerge, further accelerating exploitation. Monitor security advisories and threat intelligence feeds for updates on active campaigns targeting this vulnerability. The NVD and CISA have published information regarding this CVE.
Exploit Status
EPSS
0.06% (18% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-6443 is to immediately upgrade Essentialplugin WordPress plugins to version 3.7.1.1 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily disabling the plugin to prevent further exploitation. While not a complete solution, a Web Application Firewall (WAF) configured to detect and block suspicious activity related to backdoor access attempts can provide an additional layer of protection. Regularly review WordPress plugin activity logs for any unusual behavior that might indicate compromise.
Update to version 3.7.1.1, or a newer patched version
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-6443 describes a critical vulnerability in Essentialplugin WordPress plugins where a malicious actor embedded a backdoor, allowing persistent unauthorized access and spam injection. It affects versions prior to 3.7.1.1 and carries a CVSS score of 9.8.
You are affected if you are using Essentialplugin WordPress plugins in a version prior to 3.7.1.1. Immediately check your plugin versions and upgrade to the latest available version to mitigate the risk.
The recommended fix is to upgrade Essentialplugin WordPress plugins to version 3.7.1.1 or later. If immediate upgrade is not possible, temporarily disable the plugin and implement WAF rules to detect suspicious activity.
While active exploitation is not yet confirmed, the vulnerability's criticality and the presence of a backdoor suggest a high probability of exploitation. Continuous monitoring and proactive mitigation are essential.
Refer to the Essentialplugin website and WordPress plugin repository for the official advisory and update information regarding CVE-2026-6443. Check their security announcements page for the latest details.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.