Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Portfolio and Projects

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2026-6443
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.02% / 6.64%
||
7 Day CHG~0.00%
Published-17 Apr, 2026 | 06:44
Updated-22 Apr, 2026 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Essentialplugin Plugins (Various Versions) - Injected Backdoor

All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a persistent backdoor and inject spam into the affected sites.

Action-Not Available
Vendor-essentialplugin
Product-Blog Designer – Post and WidgetFeatured Post CreativeWP Featured Content and SliderTestimonial Grid and Testimonial Slider plus Carousel with Rotator WidgetWP Responsive Recent Post Slider/CarouselPost grid and filter ultimateWP Slick Slider and Image CarouselWP responsive FAQ with category pluginPortfolio and ProjectsWP Logo Showcase Responsive Slider and CarouselWP Blog and WidgetsTeam Slider and Team Grid Showcase plus Team CarouselCountdown Timer UltimateAccordion and Accordion SliderTrending/Popular Post Slider and WidgetAlbum and Image Gallery Plus LightboxMeta Slider and Carousel with LightboxPost Ticker UltimateVideo gallery and PlayerWP News and Scrolling WidgetsTimeline and History sliderPopup Maker and Popup Anything – Popup for opt-ins and Lead Generation Conversions
CWE ID-CWE-506
Embedded Malicious Code
CVE-2025-67470
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.43%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 14:13
Updated-28 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Portfolio and Projects plugin <= 1.5.5 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Essential Plugin Portfolio and Projects portfolio-and-projects allows Retrieve Embedded Sensitive Data.This issue affects Portfolio and Projects: from n/a through <= 1.5.5.

Action-Not Available
Vendor-Essential Plugin
Product-Portfolio and Projects
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2023-39995
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.30%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:23
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Portfolio and Projects plugin <= 1.3.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Portfolio and Projects allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio and Projects: from n/a through 1.3.7.

Action-Not Available
Vendor-WP OnlineSupport, Essential Plugin
Product-Portfolio and Projects
CWE ID-CWE-862
Missing Authorization