Description
Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted.

This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4.
Published: 2026-06-05
Score: 10 Critical
EPSS: 1.7% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper validation of the specified quantity field in the plugin's input handling allows malicious software to be implanted. Based on the description, it is inferred that this vulnerability, identified as CWE‑1284, could enable an attacker to execute arbitrary code with the privileges of the web server, threatening the confidentiality, integrity, and availability of the WordPress site.

Affected Systems

All WordPress sites running ShapedPlugin, LLC’s Product Slider Pro for WooCommerce plugin versions before 3.5.4 are affected. The vendor has released version 3.5.4 which includes the fix.

Risk and Exploitability

The flaw has a CVSS score of 10, marking it as critical. With an EPSS score of 1% and not listed in CISA KEV, the likelihood of exploitation remains low, yet the potential impact remains high. Based on the description, it is inferred that the most likely attack vector is a crafted HTTP request to the plugin’s quantity handling endpoint, which could be triggered either by an authenticated user or by an unauthenticated visitor on a publicly accessible site.

Generated by OpenCVE AI on June 18, 2026 at 07:24 UTC.

Remediation

Vendor Solution

Update to 3.5.4 or a higher version.

OpenCVE Recommended Actions

  • Upgrade the Product Slider Pro for WooCommerce plugin to version 3.5.4 or a higher release.
  • Temporarily disable the Product Slider Pro for WooCommerce plugin until the patched files have been installed to block potential exploitation attempts.
  • Configure firewall or web‑application‑gateway rules to block or rate‑limit traffic to the plugin’s quantity endpoint until the fix is applied.

Generated by OpenCVE AI on June 18, 2026 at 07:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
Description Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.3. No patched version is available - the vendor has applied a fix to an existing release without publishing a new version. While the patch provided by the vendor is valid, releasing it under the existing version number leaves users unable to reliably determine whether they are running a patched or vulnerable installation. As a result, we treat this as an unpatched version. Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4.
Title WordPress Product Slider Pro for WooCommerce plugin < 3.5.3 - Backdoor vulnerability WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability

Sun, 07 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Shapedplugin
Shapedplugin product Slider For Woocommerce
Wordpress
Wordpress wordpress
Vendors & Products Shapedplugin
Shapedplugin product Slider For Woocommerce
Wordpress
Wordpress wordpress

Sat, 06 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 05 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.3. No patched version is available - the vendor has applied a fix to an existing release without publishing a new version. While the patch provided by the vendor is valid, releasing it under the existing version number leaves users unable to reliably determine whether they are running a patched or vulnerable installation. As a result, we treat this as an unpatched version.
Title WordPress Product Slider Pro for WooCommerce plugin < 3.5.3 - Backdoor vulnerability
Weaknesses CWE-1284
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Shapedplugin Product Slider For Woocommerce
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-08T16:18:18.074Z

Reserved: 2026-06-01T15:29:19.865Z

Link: CVE-2026-49777

cve-icon Vulnrichment

Updated: 2026-06-06T17:24:07.067Z

cve-icon NVD

Status : Deferred

Published: 2026-06-05T09:16:26.220

Modified: 2026-06-08T17:16:52.930

Link: CVE-2026-49777

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T07:30:05Z

Weaknesses
  • CWE-1284

    Improper Validation of Specified Quantity in Input