EUVD-2026-23384
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionNVD
The Accordion and Accordion Slider plugin for WordPress is vulnerable to an injected backdoor in version 1.4.6. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a persistent backdoor and inject spam into the affected sites.
AnalysisAI
Malicious backdoor in Accordion and Accordion Slider plugin version 1.4.6 allows remote unauthenticated attackers complete site compromise. The plugin was sold to a threat actor who systematically embedded backdoors across their entire portfolio of acquired WordPress plugins. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all WordPress installations running Accordion and Accordion Slider plugin version 1.4.6 using automated scanning tools; immediately deactivate and delete the plugin; review access logs for suspicious activity dating back 30+ days. Within 7 days: Update to a patched alternative plugin or implement equivalent functionality through vetted alternatives (verify no backdoor signatures); conduct forensic analysis for persistence mechanisms and unauthorized admin accounts; reset all WordPress credentials. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today