CVE-2026-49777 | Improper Validation of Specified Quantity in Input vulnerabi… | CVSS 10.0 CRITICAL

Description

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4.

Metadata

CVE ID: CVE-2026-49777
State: PUBLISHED
Assigner: Patchstack
Reserved: 2026-06-01 15:29 UTC
Published: 2026-06-05 08:59 UTC
Last updated: 2026-06-08 16:18 UTC
Primary CWE: CWE-1284
CWE-1284 Improper Validation of Specified Quantity in Input
Vendor / Product: ShapedPlugin, LLC / Product Slider Pro for WooCommerce
Sources: cve.org · NVD

Severity & Metrics

10.0 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
ShapedPlugin, LLC	Product Slider Pro for WooCommerce	—	n/a < 3.5.4

Weakness (CWE)

CWE	Source	Description
CWE-1284	cna	CWE-1284 Improper Validation of Specified Quantity in Input

CVSS scores (1)

Score	Severity	Version	Source	Vector
10.0	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References (1)

https://patchstack.com/database/wordpress/plugin/woo-product-slider-pro/vulnerability/wordpress-product-slider-pro-for-woocommerce-plugin-3-5-2-backdoor-vulnerability?_s_id=cve