Description
Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Slider for WooCommerce: from n/a through <= 1.13.61.
Published: 2026-03-25
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Upgrade
AI Analysis

Impact

The vulnerability involves a missing authorization condition in the PickPlugins Product Slider for WooCommerce plugin, allowing access to administrative functions without proper authentication. This flaw enables an attacker to modify or control slider elements, potentially altering the way products are displayed on a WordPress site and compromising content integrity. The weakness corresponds to the common missing‑authorization defect identified by CWE‑862.

Affected Systems

This issue affects PickPlugins Product Slider for WooCommerce on all WordPress sites running plugin versions from n/a through 1.13.60. Any site running a version in that range is vulnerable; the plugin must be updated to address the missing access control.

Risk and Exploitability

The CVSS score of 6.5 indicates medium severity. The EPSS score is less than 1%, suggesting a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote via unauthenticated HTTP requests to administrative endpoints of the plugin, based on the missing authorization requirement, though this inference is drawn from the description and not explicitly stated in the CVE text.

Generated by OpenCVE AI on March 26, 2026 at 19:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the plugin to version 1.13.61 or later where the access control issue is resolved.
  • If an immediate update is not possible, block unauthenticated access to the plugin’s administrative URLs using a web application firewall or server‑level access control.
  • Verify that all administrative actions are protected by proper user authentication in the plugin configuration.
  • Monitor WordPress logs for unexpected slider modification attempts or anomalies in plugin activity.



Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type: Description
Values Removed: Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Slider for WooCommerce: from n/a through <= 1.13.60.
Values Added: Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Slider for WooCommerce: from n/a through <= 1.13.61.

Type: Title
Values Removed: WordPress Product Slider for WooCommerce plugin <= 1.13.60 - Broken Access Control vulnerability
Values Added: WordPress Product Slider for WooCommerce plugin <= 1.13.61 - Broken Access Control vulnerability

Type: Metrics
Values Removed: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}
Values Added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


Thu, 26 Mar 2026 17:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added:
cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}
ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 26 Mar 2026 12:00:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added:
Pickplugins
Pickplugins product Slider For Woocommerce
Wordpress
Wordpress wordpress

Type: Vendors & Products
Values Removed: (none)
Values Added:
Pickplugins
Pickplugins product Slider For Woocommerce
Wordpress
Wordpress wordpress

Wed, 25 Mar 2026 16:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Slider for WooCommerce: from n/a through <= 1.13.60.

Type: Title
Values Removed: (none)
Values Added: WordPress Product Slider for WooCommerce plugin <= 1.13.60 - Broken Access Control vulnerability

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-862
References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-23T14:14:09.949Z

Reserved: 2026-02-02T12:53:53.792Z

Link: CVE-2026-25455

Vulnrichment

Updated: 2026-03-26T16:31:55.832Z

NVD

Status: Awaiting Analysis

Published: 2026-03-25T17:16:51.607

Modified: 2026-04-23T15:37:11.687

Link: CVE-2026-25455

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:31:41Z

Weaknesses