CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2026-49777

CVSS 10.0v3.1pub. 2026-06-05upd. 2026-06-08

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4.

🤖 AI Analysis
How it works

The error classified as CWE-1284 (Improper Validation of Specified Quantity in Input) consists of the lack of proper verification of quantity values in data passed to the plugin. Exploitation of this vulnerability enables injection of malicious code (Malicious Software Implanted) directly into the WordPress environment. The attack vector is network-based, requires no authentication or user interaction, and the attack scope exceeds the component boundary (Scope: Changed).

Impact

An attacker can implant a backdoor on the server, leading to complete breach of confidentiality, integrity, and availability of data and system. The consequence may be persistent unauthorized access to the infected WordPress site.

Mitigation & patch

The Product Slider Pro for WooCommerce plugin should be immediately updated to version 3.5.4 or newer. Administrators should also scan the site for the presence of malicious code or unauthorized changes to files that may have occurred before patch installation.

Who is affected

WordPress plugin Product Slider Pro for WooCommerce by ShapedPlugin, LLC — versions from n/a to 3.5.3 (before 3.5.4).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References