CVE-2026-49777: CWE-1284 Improper Validation of Specified Quantity in Input in ShapedPlugin, LLC Product Slider Pro for WooCommerce
CVE-2026-49777 is a critical vulnerability in ShapedPlugin, LLC's Product Slider Pro for WooCommerce involving improper validation of specified quantity in input. This flaw allows malicious software implantation, potentially leading to full compromise of confidentiality, integrity, and availability. The vendor applied a fix to an existing release without issuing a new version, which leaves users unable to verify whether their installation is patched, so all known versions should be treated as unpatched. The vulnerability has a CVSS score of 10.0, indicating maximum severity. No official patch version has been published, and no known exploits are reported in the wild at this time.
AI Analysis
Technical Summary
The vulnerability identified as CVE-2026-49777 in Product Slider Pro for WooCommerce is due to improper validation of specified quantity input (CWE-1284). This input validation flaw can be exploited remotely without authentication (AV:N/AC:L/PR:N/UI:N). Its scope is changed (S:C), meaning the impact can extend beyond the vulnerable component, with high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). The vendor has applied a fix internally without releasing a new version, causing ambiguity about the patch status. Consequently, all existing versions are considered vulnerable. No patch or official remediation level has been published, and the product is not a cloud service.
Potential Impact
Successful exploitation of this vulnerability can lead to complete compromise of the affected system, including unauthorized code execution or malicious software implantation. The critical CVSS score of 10.0 reflects the potential for severe impact on confidentiality, integrity, and availability. Since no confirmed patched version is publicly available, users remain at risk until they can verify the presence of the vendor's fix.
Mitigation Recommendations
Patch status is not yet confirmed—users cannot reliably determine if their installation includes the vendor's fix because it was applied without a new version release. It is recommended to contact ShapedPlugin, LLC directly for verification and guidance. Until an official patched version is published, treat all existing installations as vulnerable and consider applying additional protective controls such as input validation proxies or restricting access to the affected plugin where feasible.
CVSS v3.1
Score: 10.0 (critical)
Technical Details
- Data Version: 5.2
- Assigner Short Name: Patchstack
- Date Reserved: 2026-06-01T15:29:19.865Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a22946de29bf47b50525693
Added to database: 6/5/2026, 9:18:37 AM
Last enriched: 6/5/2026, 9:33:34 AM
Last updated: 6/5/2026, 3:30:01 PM