2 matches found
CVE-2026-0684 CP Image Store with Slideshow <= 1.1.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Product Import
The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the 'cpisadmininit' function's permission check. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2026-0684
CVE-2026-0684 affects the WordPress plugin “CP Image Store with Slideshow” (versions ≤ 1.1.9). The root cause is a logic error in the permissions check inside the cpis_admin_init function, enabling an authorization bypass. As a result, authenticated users with Contributor-level access and above c...