essentialplugin

Top products

The 13 most recently published vulnerabilities affecting essentialplugin.

• CVE-2026-8681Essential Chat Support <= 1.0.1 - Missing Authorization to Unauthenticated Settings Reset via 'ecs_reset_settings' Parameter5.3May 16, 2026
• CVE-2026-6443Essentialplugin Plugins (Various Versions) - Injected Backdoor9.8Apr 17, 2026
• CVE-2025-13612Album and Image Gallery Plus Lightbox <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode6.4Feb 19, 2026
• CVE-2026-0727Accordion and Accordion Slider <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Attachment Metadata Modification5.4Feb 14, 2026
• CVE-2024-4194Album and Image Gallery plus Lightbox <= 2.0 - Unauthenticated Arbitrary Shortcode Execution6.5Jun 6, 2024
• CVE-2023-38516WordPress Audio Player with Playlist Ultimate Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)6.5Sep 3, 2023
• CVE-2022-45818WordPress Hero Banner Ultimate Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS)6.5May 4, 2023
• CVE-2022-38077WordPress Popup Anything Plugin <= 2.2.1 is vulnerable to Cross Site Request Forgery (CSRF)4.3Mar 29, 2023
• CVE-2022-4791Product Slider and Carousel with Category for WooCommerce < 2.8 - Contributor+ Stored XSS via Shortcode5.4Feb 21, 2023
• CVE-2022-4747Post Category Image With Grid and Slider < 1.4.8 - Contributor+ Stored XSS via Shortcode5.4Feb 6, 2023
• CVE-2022-4824WP Blog and Widget < 2.3.1 - Contributor+ Stored XSS via Shortcode5.4Feb 6, 2023
• CVE-2022-2115Popup Anything < 2.1.7 - Reflected Cross-Site Scripting6.1Jul 25, 2022
• CVE-2021-24883Popup Anything < 2.0.4 - Contributor+ Stored Cross-Site Scripting5.4Nov 29, 2021