Vulnerabilities and security researches forcp-image-store cp-image-store

Jun 06, 2024

CVE, Research URL: CVE-2022-1692
Home page URL: Security reports for CP Image Store with Slideshow
Application: CP Image Store with Slideshow
Date: Jun 08, 2022
Research Description: The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embed, allowing unauthenticated users to perform an SQL injection attack
Affected versions: max 1.0.6.
Status: vulnerable

Apr 16, 2026

CVE, Research URL: CVE-2026-0684
Home page URL: Security reports for CP Image Store with Slideshow
Application: CP Image Store with Slideshow
Date: Jan 13, 2026
Research Description: The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the 'cpis_admin_init' function's permission check. This makes it possible for authenticated attackers, with Contributor-level access and above, to import arbitrary products via XML, if the XML file has already been uploaded to the server.
Affected versions: max 1.2.0.
Status: vulnerable