Lucene search
+L

115 matches found

Nuclei
Nuclei
added 12 hours ago24 views

WordPress Product Slider Pro for WooCommerce < 3.5.4 - Supply Chain Backdoor RCE

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4. id: CVE-2026-49777 info: name: WordPress Product Slider Pro f...

10CVSS5.2AI score0.01656EPSS
Exploits3References3
NVD
NVD
added 2026/07/02 10:16 a.m.10 views

CVE-2026-8441

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'notinstring' parameter of the wprploadmorerevs AJAX action in versions up to, and including, 12.7.2. The parameter is read via $POST'notinstring' and passed through sanitizetextfield — which strips HTML and...

7.5CVSS0.00374EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 9:32 a.m.11 views

EUVD-2026-41274

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'notinstring' parameter of the wprploadmorerevs AJAX action in versions up to, and including, 12.7.2. The parameter is read via $POST'notinstring' and passed through sanitizetextfield — which strips HTML and...

7.5CVSS6AI score0.00374EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/07/02 7:4 a.m.8 views

WordPress WP Review Slider Pro plugin <= 12.7.2 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.7.2...

7.5CVSS5.8AI score0.00374EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/24 6:0 a.m.86 views

CVE-2026-10735

CVE-2026-10735 concerns a supply‑chain compromise of ShapedPlugin Pro plugins (Product Slider Pro for WooCommerce, Real Testimonials Pro, Smart Post Show Pro) delivered via the vendor update server. Technical details show a stage 1 loader in src/Includes/LicenseLoader.php that runs on admin init ...

7.5CVSS6.2AI score0.00387EPSS
In wildExploits1References1
Cvelist
Cvelist
added 2026/06/16 9:31 a.m.32 views

CVE-2026-8442 WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) Arbitrary File Deletion via 'myaction' Parameter

The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to missing authorization checks on the wpfbhidereview and wprpsavereviewadmin AJAX handlers combined with insufficient path validation in the wpfbhidereviewaj...

8.1CVSS0.00501EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/16 8:34 a.m.7 views

WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.6.8...

8.8CVSS5.8AI score0.00347EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/16 8:32 a.m.11 views

WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.6.8...

8.8CVSS5.8AI score0.00335EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/16 8:27 a.m.8 views

WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.6.8...

8.1CVSS5.2AI score0.00501EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/16 6:49 a.m.12 views

EUVD-2026-37040

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs' parameter of the wpfbfindreviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $POST'curselrevs' raw with no sanitization or type casting, then concatenatin...

8.8CVSS5.8AI score0.00347EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 6:16 a.m.15 views

CVE-2026-8443

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wpprogetoverallchartdata AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes on user-supplied JSON strings prior to jsondecode,...

8.8CVSS0.00335EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 5:33 a.m.11 views

EUVD-2026-37037

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wpprogetoverallchartdata AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes on user-supplied JSON strings prior to jsondecode,...

8.8CVSS5.9AI score0.00335EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 5:33 a.m.23 views

CVE-2026-8443

CVE-2026-8443 affects the WordPress plugin WP Review Slider Pro (versions up to 12.6.8). The vulnerability is an SQL Injection in the wppro_get_overall_chart_data AJAX action, triggered via the stypes and slocations parameters. The root cause is the use of stripslashes() on user-supplied JSON pri...

8.8CVSS5.9AI score0.00335EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/12 8:26 a.m.116 views

Exploit for CVE-2026-49777

CVE-2026-49777 CVE-2026-49777 - ShapedPlugin Product Slider Pr...

10CVSS5.3AI score0.01656EPSS
Exploits3
NVD
NVD
added 2026/06/05 9:16 a.m.16 views

CVE-2026-49777

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4...

10CVSS0.01656EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2026/06/05 8:59 a.m.15 views

CVE-2026-49777 WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4...

10CVSS5.4AI score0.01656EPSS
Exploits3References1
EUVD
EUVD
added 2026/06/05 8:59 a.m.12 views

EUVD-2026-34792

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.3. No patched version is available - the vendor has applied a fi...

10CVSS5.5AI score0.01656EPSS
Exploits3References1
CVE
CVE
added 2026/06/05 8:59 a.m.65 views

CVE-2026-49777

CVE-2026-49777 (WordPress Product Slider Pro for WooCommerce

10CVSS5.4AI score0.01656EPSS
In wildExploits3References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 8:59 a.m.11 views

CVE-2026-49777

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4...

10CVSS5.4AI score0.01656EPSS
Exploits3References2
Cvelist
Cvelist
added 2026/06/05 8:59 a.m.52 views

CVE-2026-49777 WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4...

10CVSS0.01656EPSS
Exploits3References1
Rows per page
Query Builder