112 matches found
WordPress Product Slider Pro for WooCommerce < 3.5.4 - Supply Chain Backdoor RCE
Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4. id: CVE-2026-49777 info: name: WordPress Product Slider Pro f...
CVE-2026-10735
CVE-2026-10735 concerns a supply‑chain compromise of ShapedPlugin Pro plugins (Product Slider Pro for WooCommerce, Real Testimonials Pro, Smart Post Show Pro) delivered via the vendor update server. Technical details show a stage 1 loader in src/Includes/LicenseLoader.php that runs on admin init ...
CVE-2026-8442 WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) Arbitrary File Deletion via 'myaction' Parameter
The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to missing authorization checks on the wpfbhidereview and wprpsavereviewadmin AJAX handlers combined with insufficient path validation in the wpfbhidereviewaj...
WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated Subscriber+ SQL Injection vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.6.8...
WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated Subscriber+ SQL Injection vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.6.8...
WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.6.8...
EUVD-2026-37040
The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs' parameter of the wpfbfindreviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $POST'curselrevs' raw with no sanitization or type casting, then concatenatin...
CVE-2026-8443
The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wpprogetoverallchartdata AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes on user-supplied JSON strings prior to jsondecode,...
CVE-2026-8443
CVE-2026-8443 affects the WordPress plugin WP Review Slider Pro (versions up to 12.6.8). The vulnerability is an SQL Injection in the wppro_get_overall_chart_data AJAX action, triggered via the stypes and slocations parameters. The root cause is the use of stripslashes() on user-supplied JSON pri...
EUVD-2026-37037
The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wpprogetoverallchartdata AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes on user-supplied JSON strings prior to jsondecode,...
Exploit for CVE-2026-49777
CVE-2026-49777 CVE-2026-49777 - ShapedPlugin Product Slider Pr...
CVE-2026-49777
Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4...
CVE-2026-49777
Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4...
CVE-2026-49777 WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability
Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4...
CVE-2026-49777 WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability
Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4...
CVE-2026-49777
CVE-2026-49777 (WordPress Product Slider Pro for WooCommerce
EUVD-2026-34792
Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.3. No patched version is available - the vendor has applied a fi...
PT-2026-46911
Name of the Vulnerable Software and Affected Versions Product Slider Pro for WooCommerce versions prior to 3.5.4 Description Improper validation of input parameters related to specified quantities allows unauthenticated remote attackers to implant malicious software and execute arbitrary commands...
WordPress plugin Product Slider Pro for WooCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
VulnCheck KEV: CVE-2026-49777
Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4...