CVE-2026-22489
Unknown Unknown - Not Provided
Authorization Bypass in Wptexture Image Slider Slideshow

Publication date: 2026-01-08

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Authorization Bypass Through User-Controlled Key vulnerability in Wptexture Image Slider Slideshow image-slider-slideshow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider Slideshow: from n/a through <= 1.8.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-08
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-01-08
EPSS Evaluated
2026-06-15
NVD
CVE-2026-22489
EUVD
EUVD-2026-1481
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wptexture image_slider_slideshow From 1.0 (inc) to 1.8 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-22489 is an Insecure Direct Object References (IDOR) vulnerability in the WordPress Image Slider Slideshow Plugin versions up to 1.8. It allows a malicious user with contributor or developer privileges to bypass authorization and authentication controls, potentially accessing sensitive files, folders, or interacting improperly with the database. This is due to incorrectly configured access control security levels. [1]

Impact Analysis

This vulnerability can allow an attacker with certain privileges to bypass access controls and gain unauthorized access to sensitive files, folders, or database interactions. However, the impact is considered low severity with a CVSS score of 4.3, and exploitation is unlikely. There is currently no official fix or patched version available. [1]

Detection Guidance

Detection involves identifying unauthorized access attempts exploiting the Insecure Direct Object References (IDOR) vulnerability in the Image Slider Slideshow plugin up to version 1.8. Since the vulnerability allows users with contributor or developer privileges to bypass authorization controls, monitoring logs for unusual access patterns or requests to sensitive files or database interactions related to the plugin is recommended. Specific commands are not provided in the available resources. [1]

Mitigation Strategies

Immediate mitigation steps include restricting contributor and developer privileges to trusted users only, monitoring for suspicious activity related to the Image Slider Slideshow plugin, and applying any available security intelligence or mitigations provided by Patchstack. Since no official fix or patched version is currently available, careful access control and monitoring are essential. [1]

Compliance Impact

The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22489. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart