Description
Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Slider for WooCommerce: from n/a through <= 1.13.61.
Published: 2026-03-25
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Upgrade
AI Analysis

Impact

The vulnerability is a missing authorization check in PickPlugins Product Slider for WooCommerce that allows exploitation of incorrectly configured access control security levels. Attackers can reach administrative actions or functionality within the plugin without proper authentication, potentially modifying slider content on WordPress sites and compromising site presentation. This unauthorized access corresponds to the missing authorization weakness identified by CWE-862.

Affected Systems

This issue affects PickPlugins Product Slider for WooCommerce on all WordPress sites running plugin versions from n/a through <= 1.13.61. Any site running the plugin within that version range is vulnerable; the plugin must be updated to address the missing access control.

Risk and Exploitability

The CVSS score of 6.5 indicates medium severity. The EPSS score is less than 1%, suggesting a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote via unauthenticated HTTP requests to administrative endpoints of the plugin, based on the missing authorization requirement, though this inference is drawn from the description and not explicitly stated in the CVE text. The CVSS vector recorded for this CVE (AV:N/AC:L/PR:L/UI:N) specifies network access with low privileges required.

Generated by OpenCVE AI on April 28, 2026 at 16:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

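  • Update the plugin to version 1.13.61 or later where the access control issue is resolved. The description above lists versions through <= 1.13.61 as affected and the Remediation section lists no vendor fix, so confirm the fixed version with the vendor before relying on an update.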
  • If an immediate update is not possible, block unauthenticated access to the plugin’s administrative URLs using a web application firewall or server‑level access control.
  • Verify that all administrative actions are protected by proper user authentication in the plugin configuration.
  • Monitor WordPress logs for unexpected slider modification attempts or anomalies in plugin activity.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:00:00 +0000

Description
  Values Removed: Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Slider for WooCommerce: from n/a through <= 1.13.60.
  Values Added: Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Slider for WooCommerce: from n/a through <= 1.13.61.
Title
  Values Removed: WordPress Product Slider for WooCommerce plugin <= 1.13.60 - Broken Access Control vulnerability
  Values Added: WordPress Product Slider for WooCommerce plugin <= 1.13.61 - Broken Access Control vulnerability
Metrics
  Values Removed: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}
  Values Added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


Thu, 26 Mar 2026 17:15:00 +0000

Metrics
  Values Added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}
  Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 26 Mar 2026 12:00:00 +0000

First Time appeared
  Values Added: Pickplugins
  Values Added: Pickplugins product Slider For Woocommerce
  Values Added: Wordpress
  Values Added: Wordpress wordpress
Vendors & Products
  Values Added: Pickplugins
  Values Added: Pickplugins product Slider For Woocommerce
  Values Added: Wordpress
  Values Added: Wordpress wordpress

Wed, 25 Mar 2026 16:45:00 +0000

Description
  Values Added: Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Slider for WooCommerce: from n/a through <= 1.13.60.
Title
  Values Added: WordPress Product Slider for WooCommerce plugin <= 1.13.60 - Broken Access Control vulnerability
Weaknesses
  Values Added: CWE-862
References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:59.348Z

Reserved: 2026-02-02T12:53:53.792Z

Link: CVE-2026-25455

Vulnrichment

Updated: 2026-03-26T16:31:55.832Z

NVD

Status: Deferred

Published: 2026-03-25T17:16:51.607

Modified: 2026-04-28T02:16:07.800

Link: CVE-2026-25455

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T17:00:13Z

Weaknesses