<0.1% probability · 18.2th percentile — 2026-05-12
Affected versions
WordPress Accordion and Accordion Slider plugin version 1.4.6
Summary
The popular WordPress Accordion and Accordion Slider plugin was acquired by a malicious threat actor, who embedded a persistent backdoor into version 1.4.6. The backdoor allows the threat actor to maintain permanent remote access to affected websites and inject unwanted spam content. WordPress powers the majority of global websites, making this a high risk for many organizations.
Remediation
Website owners should immediately remove the affected plugin from their WordPress installation and replace it with a trusted alternative. Scan the entire site for additional malware or unauthorized changes left by the backdoor. Reset all administrator credentials and monitor site activity for persistent unauthorized access.
Exploit info
This exploit has been publicly disclosed, with references to this issue documented in trusted public vulnerability databases. Potential exploit details can be searched in Exploit-DB or GitHub.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.