{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25455", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-02-02T12:53:53.792Z", "datePublished": "2026-03-25T16:14:50.367Z", "dateUpdated": "2026-03-25T16:14:50.367Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "woocommerce-products-slider", "product": "Product Slider for WooCommerce", "vendor": "PickPlugins", "versions": [{"lessThanOrEqual": "<= 1.13.60", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "theviper17 | Patchstack Bug Bounty Program"}], "datePublic": "2026-03-25T17:12:29.121Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Product Slider for WooCommerce: from n/a through <= 1.13.60.</p>"}], "value": "Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Slider for WooCommerce: from n/a through <= 1.13.60."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-25T16:14:50.367Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/woocommerce-products-slider/vulnerability/wordpress-product-slider-for-woocommerce-plugin-1-13-60-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress Product Slider for WooCommerce plugin <= 1.13.60 - Broken Access Control vulnerability"}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Slider for WooCommerce: from n/a through <= 1.13.60."}], "id": "CVE-2026-25455", "lastModified": "2026-03-25T17:16:51.607", "metrics": {}, "published": "2026-03-25T17:16:51.607", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/woocommerce-products-slider/vulnerability/wordpress-product-slider-for-woocommerce-plugin-1-13-60-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-25T19:29:44.377248+00:00", "value": {"mitigation_remediation": ["Upgrade the Product Slider for WooCommerce plugin to any release newer than 1.13.60 if one is available", "If an upgrade is not immediately possible, uninstall the plugin to eliminate the risk", "When an upgrade is delayed, lock the plugin\u2019s configuration pages to trusted administrators only", "Monitor site logs for unauthorized attempts to change slider settings"], "summary": {"action": "Upgrade Plugin", "impact": "Unauthorized Access via Broken Access Control"}, "threat_synthesis": {"affected_systems": "The issue affects the WordPress plugin Product Slider for WooCommerce supplied by PickPlugins. Any instance of the plugin with a version of 1.13.60 or earlier is vulnerable. Site administrators who have not upgraded the plugin since that version are directly impacted.", "description_and_impact": "The vulnerability is a missing authorization flaw that allows an attacker to bypass the intended access controls of the Product Slider for WooCommerce plugin. By interacting with the plugin\u2019s configuration interface or exposed endpoints, a user can modify slider content, change settings, or potentially inject malicious data. This unauthorized access could lead to disclosure of sensitive information, visual defacement of the site, or create a foothold for further attacks. The weakness is classified as Incorrect Authorization, making it a significant risk if the plugin is present on a site.", "risk_and_exploitability": "The CVSS score is not provided, but Missing Authorization defects are generally considered high severity. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. The most probable attack vector involves interacting with the WordPress admin interface or the plugin\u2019s API endpoints; an attacker only needs some form of site access to exploit the flaw."}}}}, "created": "2026-03-25T21:44:24.233169+00:00", "updated": "2026-03-25T21:44:24.233194+00:00", "vendors": []}