PT-2026-2636 · WordPress · Cp Image Store With Slideshow
Kazuma Matsumoto · Published 2026-01-13 · Updated 2026-01-13 · CVE-2026-0684
CVSS v3.1: 4.3 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
CP Image Store with Slideshow plugin for WordPress versions up to and including 1.1.9
Description
The CP Image Store with Slideshow plugin for WordPress contains a flaw where an authenticated attacker with Contributor-level access or higher can import arbitrary products via XML, provided the XML file has been previously uploaded to the server. This is due to a logic error in the permission check within the cpis admin init function.
Recommendations
Update the CP Image Store with Slideshow plugin to a version later than 1.1.9.
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Cp Image Store With Slideshow