## https://sploitus.com/exploit?id=C0C41549-A96F-54F9-85D8-1A24CFAE99BD
# CVE-2026-49777
CVE-2026-49777 - ShapedPlugin Product Slider Pro for WooCommerce Backdoor RCE
## In-Depth Technical Analysis: Product Slider Pro Backdoor Vulnerability
### Vulnerability Basis and Cause (CWE-1284)
The technical origin of the vulnerability is classified as CWE-1284: "Improper Validation of Specified Quantity in Input". The software receives user input that is expected to specify a quantity (e.g., size, length, number) but does not properly validate it. An attacker can send input that differs from what is normally expected, causing the system to behave unexpectedly.
### Affected Versions and Patch Status
Affected Versions: All versions prior to 3.5.3.
Secure Versions: 3.5.4 and later.
Patch Status (Critical): Although the plugin developer (ShapedPlugin, LLC) fixed the vulnerability in version 3.5.3, the fix was not released under a new version number; it is integrated into the current 3.5.3 version. This makes it impossible for site owners to reliably determine whether they are running a secure version. Therefore, the vulnerability is officially considered "unpatched".
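
A triage check for the version ambiguity described above, as an added example that is not part of the original page or the plugin's code: it reads the `Version:` header from the text of a plugin's main PHP file and applies the page's version boundaries. The function names and the sample header are constructed for illustration.

```python
import re

# Boundaries taken from the advisory text above.
FIRST_FIXED = (3, 5, 3)   # fix was folded into 3.5.3 without a version bump
FIRST_SECURE = (3, 5, 4)  # listed as secure: 3.5.4 and later

# WordPress reads plugin headers from the first 8 KB of the main plugin file.
HEADER_WINDOW = 8192
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)

# Constructed sample input, not taken from the real plugin.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Example Slider (constructed sample)
 * Version: 3.5.3
 */
"""


def parse_version(php_source):
    """Return the plugin header version as a 3-tuple of ints, or None."""
    m = VERSION_RE.search(php_source[:HEADER_WINDOW])
    if not m:
        return None
    parts = re.findall(r"\d+", m.group(1))[:3]
    if not parts:
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))


def triage(php_source):
    """Classify as 'affected', 'indeterminate', 'secure' or 'unknown'."""
    version = parse_version(php_source)
    if version is None:
        return "unknown"
    if version < FIRST_FIXED:
        return "affected"
    if version < FIRST_SECURE:
        # 3.5.3: patched and unpatched builds carry the same number,
        # so the version string alone cannot clear this install.
        return "indeterminate"
    return "secure"


if __name__ == "__main__":
    print(triage(SAMPLE_HEADER))
```

An `indeterminate` result should be handled like `affected` until the install is updated to a version the page lists as secure.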
### CVSS Score and Risk Assessment
Base CVSSv3 Score: 10.0 (Critical)
Risk Assessment: The vector behind this score indicates that the attack could be carried out over the network (AV:N), with low complexity (AC:L), without requiring any privileges (PR:N), and without user interaction (UI:N). A successful attack would completely compromise the confidentiality (C:H), integrity (I:H), and availability (A:H) of the system, and its impact could spread beyond the target system (S:C).
Exploit: Python Script for Automated Detection and Exploitation (CVE-2026-49777.py)