CVE-2026-49777

CRITICAL EXPLOITED NUCLEI

WordPress Product Slider Pro for WooCommerce plugin < 3.5.3 - Backdoor vulnerability

Title source: cna

Exploitation Summary

CVE-2026-49777 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including izxci. A Nuclei detection template is also available.

AI-analyzed exploit summary: The repository provides a detailed technical analysis of CVE-2026-49777, a backdoor RCE vulnerability in ShapedPlugin Product Slider Pro for WooCommerce, attributed to improper input validation (CWE-1284). It includes affected versions, patch status, CVSS scoring, and mentions an exploit script but does not provide functional code.

Description

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4.

Exploits (1)

github WRITEUP
by izxci · poc
https://github.com/izxci/CVE-2026-49777

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: ShapedPlugin Product Slider Pro for WooCommerce < 3.5.3
No auth needed
Prerequisites: network access to vulnerable WooCommerce instance
devstral-2 · analyzed Jun 12, 2026

Nuclei Templates (1)

WordPress Product Slider Pro for WooCommerce < 3.5.4 - Supply Chain Backdoor RCE
CRITICAL VERIFIED by DhiyaneshDk
Shodan: http.component:"WordPress"
FOFA: body="wp-content/plugins/woo-product-slider-pro"

Scores

CVSS v3 10.0
EPSS 0.0124
EPSS Percentile 65.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2026-06-05
CWE CWE-1284
Status published
Products (2)
ShapedPlugin, LLC/Product Slider Pro for WooCommerce < 3.5.3
ShapedPlugin, LLC/Product Slider Pro for WooCommerce < 3.5.4
Published Jun 05, 2026
Tracked Since Jun 05, 2026