PatchSiren cyber security CVE debrief
CVE-2026-49777 ShapedPlugin, LLC CVE debrief
CVE-2026-49777 is a critical vulnerability in the Product Slider Pro for WooCommerce plugin, caused by improper validation of specified quantity in input. This vulnerability, with a CVSS score of 10, allows for malicious software to be implanted. The affected versions of the plugin are from n/a to 3.5.4.
- Vendor
- ShapedPlugin, LLC
- Product
- Product Slider Pro for WooCommerce
- CVSS
- CRITICAL 10
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-05
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-05
- Advisory updated
- 2026-06-08
Who should care
Users of Product Slider Pro for WooCommerce, particularly those with versions prior to 3.5.4, should be aware of this critical vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by improper validation of specified quantity in input in the Product Slider Pro for WooCommerce plugin. This allows for malicious software to be implanted, with a CVSS score of 10, indicating a critical severity.
Defensive priority
High
Recommended defensive actions
- Update Product Slider Pro for WooCommerce to version 3.5.4 or later.
- Review and monitor your website for potential malicious activity.
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information is available at [ref-4].
Official resources
-
CVE-2026-49777 CVE record
CVE.org
-
CVE-2026-49777 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-49777 was published on 2026-06-05T09:16:26.220Z and modified on 2026-06-08T17:16:52.930Z.