WordPress Plugin Vulnerabilities
Multiple Plugins by "Essential Plugin" - Backdoor
Description
Multiple plugins by the "EssentialPlugin" wordpress.org user were backdoored allowing that malicious actor to take over sites using them.
Proof of Concept
Affects Plugins
Fixed in 1.4.6.1
Fixed in 2.1.8.1
Fixed in 2.7.7.1
Fixed in 2.6.9.1
Fixed in 1.5.7.1
Fixed in 2.8.7.1
Fixed in 2.0.8.1
Fixed in 2.9.1.1
Fixed in 1.5.6.1
Fixed in 1.7.4.1
Fixed in 3.9.5.1
Fixed in 5.0.6.1
Fixed in 1.7.6.1
Fixed in 2.4.5.1
Fixed in 2.6.6.1
Fixed in 1.7.6.1
Fixed in 3.8.7.1
Fixed in 3.7.1.1
Fixed in 3.7.8.1
Fixed in 2.8.6.1
Fixed in 3.5.6.1
Fixed in 1.8.6.1 
No known fix
No known fix
No known fix References
Miscellaneous
Submitter
WPScan Team
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2026-04-13 (about 1 month ago)
Added
2026-04-13 (about 1 month ago)
Last Updated
2026-04-16 (about 27 days ago)
WPScan 