CVE-2026-49777
WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability
In short
The WordPress Product Slider Pro for WooCommerce plugin (versions before 3.5.4) has a critical vulnerability that allows attackers to implant malicious software into websites. The plugin fails to properly validate user input, giving attackers a way to compromise the entire site.
Technical detail
CWE-1284 (improper validation of specified quantity in input) enables remote code injection through insufficiently validated input parameters. The vulnerability allows unauthenticated or low-privileged attackers to implant malicious software without proper authorization checks, resulting in complete site compromise. Affected versions: Product Slider Pro for WooCommerce < 3.5.4.
Summary generated and translated by AI from the official description.
Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted.
This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
ShapedPlugin, LLC · Product Slider Pro for WooCommerce
Public PoCs found — 3
github.com/izxci/CVE-2026-49777 ★ 0
github.com/xxconi/CVE-2026-49777-CVE-2026-10735 ★ 0
github.com/HORKimhab/CVE-Wordpress ★ 0
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.