Description
Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted.

This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.3.

No patched version is available - the vendor has applied a fix to an existing release without publishing a new version. While the patch provided by the vendor is valid, releasing it under the existing version number leaves users unable to reliably determine whether they are running a patched or vulnerable installation. As a result, we treat this as an unpatched version.
Published: 2026-06-05
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The WordPress Product Slider Pro for WooCommerce plugin contains an improper validation of the specified quantity field in its input handling, which permits the inclusion of malicious software through a backdoor. This defect corresponds to CWE‑1284 and allows an attacker to execute arbitrary code with the privileges of the web server, jeopardizing the confidentiality, integrity, and availability of the site.

Affected Systems

All WordPress sites running ShapedPlugin, LLC’s Product Slider Pro for WooCommerce plugin versions older than 3.5.3 are affected. The vendor has applied an internal fix to the existing release but has not issued a new public version number, so the vulnerability remains present until the patched files are manually applied.

Risk and Exploitability

The flaw has a CVSS score of 10, marking it as critical. With no EPSS data available and it is not listed in CISA KEV, the likelihood of exploitation remains uncertain, yet the potential impact remains high. The most likely attack vector is a crafted HTTP request to the plugin’s quantity handling endpoint, which could be triggered either by an authenticated user or by an unauthenticated visitor on a publicly accessible site.

Generated by OpenCVE AI on June 5, 2026 at 10:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain the vendor‑supplied internal patch file from ShapedPlugin support and overwrite the vulnerable plugin files on the server.
  • Temporarily disable the Product Slider Pro for WooCommerce plugin until the patched files have been installed to block potential exploitation attempts.
  • Configure firewall or web‑application‑gateway rules to block or rate‑limit traffic to the plugin’s quantity endpoint until the fix is applied.

Generated by OpenCVE AI on June 5, 2026 at 10:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.3. No patched version is available - the vendor has applied a fix to an existing release without publishing a new version. While the patch provided by the vendor is valid, releasing it under the existing version number leaves users unable to reliably determine whether they are running a patched or vulnerable installation. As a result, we treat this as an unpatched version.
Title WordPress Product Slider Pro for WooCommerce plugin < 3.5.3 - Backdoor vulnerability
Weaknesses CWE-1284
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-05T08:59:53.320Z

Reserved: 2026-06-01T15:29:19.865Z

Link: CVE-2026-49777

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-06-05T09:16:26.220

Modified: 2026-06-05T13:26:42.027

Link: CVE-2026-49777

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T11:00:14Z

Weaknesses