CVE-2026-10735
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommerce Pro WordPress plugin before 3.5.3 Pro smart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommerce Pro WordPress plugin before 3.5.3 were distributed with malicious code through the vendor's compromised update server, allowing unauthenticated attackers to deploy a second-stage payload that exfiltrates credentials and other sensitive data and grants full control of affected sites.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | smart-post-show-pro | 4.0.1 < 4.0.2 | affected |
| Unknown | Real Testimonials Pro | 3.2.4 < 3.2.5 | affected |
| Unknown | Product Slider for WooCommerce Pro | 3.5.2 < 3.5.3 | affected |
Weaknesses
- CWE-912 Hidden Functionality
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.