CVE-2026-0684

by Fred · 13/01/2026

The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the ‘cpis_admin_init’ function’s permission check. This makes it possible for authenticated attackers, with Contributor-level access and above, to import arbitrary products via XML, if the XML file has already been uploaded to the server.

More information : https://plugins.trac.wordpress.org/browser/cp-image-store/tags/1.1.9/cp-image-store.php#L826

CVE-2026-0684

Similar

Recent Posts

Categories

CVE-2026-0684

Share this:

Similar

Recent Posts

Categories

Tags