CVE-2026-22489
Authorization Bypass in Wptexture Image Slider Slideshow
Publication date: 2026-01-08
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wptexture | image_slider_slideshow | From 1.0 (inc) to 1.8 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-22489 is an Insecure Direct Object References (IDOR) vulnerability in the WordPress Image Slider Slideshow Plugin versions up to 1.8. It allows a malicious user with contributor or developer privileges to bypass authorization and authentication controls, potentially accessing sensitive files, folders, or interacting improperly with the database. This is due to incorrectly configured access control security levels. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability impact me?
This vulnerability can allow an attacker with certain privileges to bypass access controls and gain unauthorized access to sensitive files, folders, or database interactions. However, the impact is considered low severity with a CVSS score of 4.3, and exploitation is unlikely. There is currently no official fix or patched version available. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves identifying unauthorized access attempts exploiting the Insecure Direct Object References (IDOR) vulnerability in the Image Slider Slideshow plugin up to version 1.8. Since the vulnerability allows users with contributor or developer privileges to bypass authorization controls, monitoring logs for unusual access patterns or requests to sensitive files or database interactions related to the plugin is recommended. Specific commands are not provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting contributor and developer privileges to trusted users only, monitoring for suspicious activity related to the Image Slider Slideshow plugin, and applying any available security intelligence or mitigations provided by Patchstack. Since no official fix or patched version is currently available, careful access control and monitoring are essential. [1]