Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4.
The error classified as CWE-1284 (Improper Validation of Specified Quantity in Input) consists of the lack of proper verification of quantity values in data passed to the plugin. Exploitation of this vulnerability enables injection of malicious code (Malicious Software Implanted) directly into the WordPress environment. The attack vector is network-based, requires no authentication or user interaction, and the attack scope exceeds the component boundary (Scope: Changed).
An attacker can implant a backdoor on the server, leading to complete breach of confidentiality, integrity, and availability of data and system. The consequence may be persistent unauthorized access to the infected WordPress site.
The Product Slider Pro for WooCommerce plugin should be immediately updated to version 3.5.4 or newer. Administrators should also scan the site for the presence of malicious code or unauthorized changes to files that may have occurred before patch installation.
WordPress plugin Product Slider Pro for WooCommerce by ShapedPlugin, LLC — versions from n/a to 3.5.3 (before 3.5.4).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H