CVE-2026-6443

WordPress · Accordion and Accordion Slider

The Accordion and Accordion Slider plugin for WordPress version 1.4.6 contains a malicious backdoor injected by threat actors.

Executive summary

A critical supply chain compromise in the Accordion and Accordion Slider plugin introduces a persistent backdoor into all affected WordPress sites.

Vulnerability

The plugin was acquired by malicious actors who subsequently injected a backdoor into the source code. This allows for persistent unauthorized access and the injection of spam content into the host site.

Business impact

With a CVSS score of 9.8, this represents a total compromise of the affected website's integrity. The backdoor allows for ongoing unauthorized access, potential data theft, and significant reputational damage due to injected spam.

Remediation

Immediate Action: Remove the plugin from all WordPress installations immediately. Do not rely on updates from the current maintainer.

Proactive Monitoring: Scan the site file system for unauthorized scripts and monitor database logs for suspicious content injections.

Compensating Controls: Implement a file integrity monitoring (FIM) solution to detect unauthorized changes to core or plugin files.
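
The removal and audit steps above start with finding every copy of the plugin. The following is an added example, not code from the plugin or from this advisory: it locates the plugin by its WordPress header rather than its folder name and hashes its files as evidence before removal. The function names, the default `wp-content/plugins` layout and the sample tree are assumptions made for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

TARGET_NAME = "Accordion and Accordion Slider"  # plugin name from the advisory
BACKDOORED_VERSION = "1.4.6"                    # version the advisory names
# Same fields WordPress reads from the comment header of a plugin's main file.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)\s*$", re.M | re.I)

def read_header(php_file):
    """Parse 'Plugin Name' and 'Version' from the first 8 KB, as WordPress does."""
    text = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    fields = {}
    for key, value in HEADER.findall(text):
        fields.setdefault(key.lower(), value)  # first occurrence wins
    return fields

def manifest(plugin_dir):
    """SHA-256 of every file, to record as evidence before the plugin is removed."""
    return {str(p.relative_to(plugin_dir)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(plugin_dir.rglob("*")) if p.is_file()}

def audit(wp_root):
    """Find the plugin by header, not folder name, so renamed copies are caught."""
    findings = []
    for php in sorted(Path(wp_root).glob("wp-content/plugins/*/*.php")):
        head = read_header(php)
        if head.get("plugin name", "").casefold() != TARGET_NAME.casefold():
            continue
        version = head.get("version", "unknown")
        findings.append({"dir": php.parent.name, "version": version,
                         "named_in_advisory": version == BACKDOORED_VERSION,
                         "files": manifest(php.parent)})
    return findings

def build_sample_tree():
    """Constructed sample: one renamed copy of the plugin and one unrelated plugin."""
    root = Path(tempfile.mkdtemp())
    for folder, name, ver in [("renamed-folder", TARGET_NAME, "1.4.6"),
                              ("other-plugin", "Some Other Plugin", "2.0")]:
        d = root / "wp-content" / "plugins" / folder
        d.mkdir(parents=True)
        (d / "main.php").write_text(f"<?php\n/*\n * Plugin Name: {name}\n * Version: {ver}\n */\n")
        (d / "readme.txt").write_text("constructed sample file\n")
    return root

if __name__ == "__main__":
    for f in audit(build_sample_tree()):
        print(f["dir"], f["version"], f["named_in_advisory"], len(f["files"]), "files hashed")
```

Any hit should be treated as a finding regardless of version, since the advisory considers the plugin permanently untrusted; the version flag only marks the release it names.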

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Because this is a deliberate backdoor, the plugin should be considered permanently untrusted. Organizations must remove the plugin immediately and perform a forensic audit of the site to identify any previously injected malicious code.