Vulnerabilities

Essential Guide: CVE-2026-0684 - CP Image Store with Slideshow <= 1.1.9 - missing authorization to authenticated (...

2026-01-13 0 views admin

CVE ID : CVE-2026-0684 Published : 13. Januar 2026 14:16 | 28 Minuten ago Description : The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the 'cpis_admin_init' function's permission check. This makes it possible for authenticated attackers, with Contributor-level access and above, to import arbitrary products via XML, if the XML file has already been uploaded to the server. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-0684

Severity

MEDIUM

Affected Product: WordPress

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-0684mediumwordpress

Essential Guide: CVE-2026-0684 - CP Image Store with Slideshow <= 1.1.9 - missing authorization to authenticated (...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2022-50937 - Ametys CMS v4.4.1 - Cross Site Scripting (XSS) (2026)

CVE-2022-50936 - WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated) (2026)

CVE-2022-50935 - FLAME II MODEM USB - Unquoted Service Path - Guide

CVE-2022-50934 - Wing FTP Server - Authenticated RCE - Complete Guide

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting