CVE-2026-49777
Malicious Software Implanted via Improper Input Validation in Product Slider Pro for WooCommerce
Publication date: 2026-06-05
Last updated on: 2026-06-05
Assigner: Patchstack
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| shapedplugin | product_slider_pro_for_woocommerce | all versions below 3.5.3 (3.5.3 itself excluded) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1284 | The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-49777 is a critical vulnerability in the WordPress plugin Product Slider Pro for WooCommerce, affecting versions below 3.5.3. Patchstack classifies it as improper input validation (CWE-1284) through which malicious software was implanted in the plugin, giving attackers unauthorized access to websites that run it.
Through that access, attackers can inject unwanted advertisements or other harmful content into the affected site.
The affected range lists versions below 3.5.3 as vulnerable, but the vendor is reported to have applied the fix to an existing release rather than publishing it as a new version number. The version string alone therefore does not prove that an installation carries the fix.
How can this vulnerability impact me?
This vulnerability can have severe impacts including unauthorized access to your website, which can lead to malicious activities such as injecting unwanted advertisements or other harmful content.
The vulnerability carries a CVSS score of 10.0, the maximum rating, so exposure should be treated as severe; the plugin is a commercial WooCommerce add-on, so the population of affected sites is not small.
Websites using the vulnerable versions should be considered potentially compromised, which can damage reputation, disrupt business operations, and expose sensitive data.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability is malicious code implanted in Product Slider Pro for WooCommerce versions below 3.5.3, which gives attackers unauthorized access and lets them carry out malicious activity. Detection starts with confirming whether the site runs an affected version of the plugin.
Because the vendor's fix was reportedly applied to an existing release rather than shipped under a new version number, the version string is a necessary but not sufficient check. Detection should therefore combine the plugin version with signs of compromise: injected content, unexpected files under the plugin directory, and unauthorized access.
Suggested commands (the directory name product-slider-pro-for-woocommerce is the one used throughout this page; confirm it against your own wp-content/plugins/ listing):
- List the installed plugin with its version and status via WP-CLI: wp plugin list --fields=name,version,status | grep -i product-slider
- Read the Version header from the plugin's main file without a useless cat: grep -m1 'Version:' wp-content/plugins/product-slider-pro-for-woocommerce/*.php
- Look for PHP constructs typical of injected backdoors; a hit is a lead to inspect by hand, since base64_decode also appears in legitimate code: grep -rlE 'eval\(|base64_decode\(|gzinflate\(|str_rot13\(' wp-content/plugins/product-slider-pro-for-woocommerce/
- List files changed recently and compare them against a fresh copy of the package from the vendor: find wp-content/plugins/product-slider-pro-for-woocommerce/ -type f -mtime -14
Note that wp plugin verify-checksums only covers plugins distributed through wordpress.org, so it cannot validate a premium plugin obtained from the vendor. Beyond the file system, review the web server access log for requests to files under the plugin directory that are not part of the shipped package, check for administrator accounts you did not create, and watch for unexpected outbound connections from the web host.
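The checks above, combined into one POSIX shell script. This is an added example, not code from the advisory, from Patchstack or from the plugin vendor. It assumes the plugin directory name used on this page (product-slider-pro-for-woocommerce) and takes 3.5.3 as the first version outside the affected range; both should be confirmed against your installation. The version comparison is done in awk so the script does not depend on sort -V, and the backdoor-construct grep is a triage aid whose hits must be reviewed by hand.

```shell
#!/bin/sh
# Added example; not the advisory's, Patchstack's or the vendor's code.
# Assumptions: PLUGIN_DIR is the directory name used on the advisory page and
# FIXED_VERSION is the lower bound of the unaffected range. Confirm both locally.

FIXED_VERSION="3.5.3"
PLUGIN_DIR="${PLUGIN_DIR:-wp-content/plugins/product-slider-pro-for-woocommerce}"

# Extract the "Version:" plugin-header value from the top-level PHP files.
plugin_version() {
    dir="$1"
    grep -h -m1 -E '^[[:space:]]*\*?[[:space:]]*Version:' "$dir"/*.php 2>/dev/null \
        | head -n1 \
        | sed -E 's/.*Version:[[:space:]]*//; s/[[:space:]]*$//'
}

# Succeed (exit 0) when dotted version $1 is strictly lower than $2.
# Implemented in awk so it works where sort -V is unavailable.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1
    }'
}

# List PHP files containing constructs typical of injected backdoors.
# A hit is a lead to inspect by hand, not proof: base64_decode alone is
# also used by legitimate code.
ioc_hits() {
    grep -rlE --include='*.php' \
        'eval[[:space:]]*\(|base64_decode[[:space:]]*\(|gzinflate[[:space:]]*\(|str_rot13[[:space:]]*\(|assert[[:space:]]*\(' \
        "$1" 2>/dev/null
}

# Files changed in the last N days (default 14), to diff against a fresh vendor package.
recent_files() {
    find "$1" -type f -mtime -"${2:-14}" 2>/dev/null
}

# Combined check. Exit 0 = version not in affected range and no IOC hits,
# 1 = affected version or suspicious files found, 2 = no plugin header found.
check_plugin() {
    dir="$1"
    result=0
    ver="$(plugin_version "$dir" || true)"
    if [ -z "$ver" ]; then
        echo "no plugin Version header found under $dir"
        return 2
    fi
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "VULNERABLE: $dir reports version $ver (< $FIXED_VERSION)"
        result=1
    else
        echo "$dir reports version $ver, not below $FIXED_VERSION; still re-download from the vendor if the fix shipped without a version bump"
    fi
    hits="$(ioc_hits "$dir" || true)"
    if [ -n "$hits" ]; then
        echo "suspicious PHP constructs in:"
        echo "$hits"
        result=1
    fi
    echo "files modified in the last 14 days:"
    recent_files "$dir" 14
    return "$result"
}

# Usage: sh check-plugin.sh /path/to/wp-content/plugins/<plugin-dir>
if [ "$#" -gt 0 ]; then
    check_plugin "$1"
fi
```

The exit status is meant for scripting across many sites: treat 1 as "investigate", and treat 2 as a configuration error (wrong directory name) rather than as a clean result.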
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Obtain the fixed build directly from the vendor and reinstall the plugin. Because the fix was reportedly applied to an existing release without a new version number, a fresh download is the only way to be sure the installed files carry it; the version string alone is not proof.
- Use the mitigation rule provided by Patchstack to block attacks targeting this vulnerability until an official fix is released.
- Consider disabling or removing the Product Slider Pro for WooCommerce plugin if patching or mitigation is not feasible.
- Scan your website for signs of compromise and clean any malicious code or injected content.
- Seek assistance from your hosting provider or a developer to ensure your site is secure.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in Product Slider Pro for WooCommerce allows attackers to gain unauthorized access to websites, potentially leading to malicious activities such as injecting unwanted advertisements. This unauthorized access and potential compromise of website integrity can result in exposure or manipulation of sensitive data.
Such a security breach could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and breaches.
Because the vulnerability is rated critical and the fix cannot be confirmed from the version number alone, organizations using the affected plugin face an increased risk of non-compliance through data breaches or unauthorized data processing until they have verified that the fixed files are installed.